
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:1126

The remote host is missing updates announced in
advisory RHSA-2007:1126.

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.

Several input validation flaws were found in the way Flash Player displays
certain content. It may be possible to execute arbitrary code on a victim's
machine, if the victim opens a malicious Adobe Flash file.
(CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)

A flaw was found in the way Flash Player handled the asfunction: protocol.
Malformed SWF files could perform a cross-site scripting attack.

A flaw was found in the way Flash Player modified HTTP request headers.
Malicious content could allow Flash Player to conduct an HTTP response
splitting attack. (CVE-2007-6245)

A flaw was found in the way Flash Player processes certain SWF content. A
malicious SWF file could allow a remote attacker to conduct a port scanning
attack from the client's machine. (CVE-2007-4324)

A flaw was found in the way Flash Player establishes TCP sessions. A remote
attacker could use Flash Player to conduct a DNS rebinding attack.

Users of Adobe Flash Player are advised to upgrade to this updated package,
which contains version and resolves these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-5275
BugTraq ID: 26930
Cert/CC Advisory: TA07-355A
Cert/CC Advisory: TA08-100A
Cert/CC Advisory: TA08-150A
SuSE Security Announcement: SUSE-SA:2007:069
SuSE Security Announcement: SUSE-SA:2008:022
Common Vulnerability Exposure (CVE) ID: CVE-2007-4324
BugTraq ID: 25260
Bugtraq: 20070809 Design flaw in AS3 socket handling allows port probing
SuSE Security Announcement: SUSE-SR:2008:025
Common Vulnerability Exposure (CVE) ID: CVE-2007-4768
BugTraq ID: 26346
Bugtraq: 20071106 rPSA-2007-0231-1 pcre
Bugtraq: 20071112 FLEA-2007-0064-1 pcre
Cert/CC Advisory: TA07-352A
Debian Security Information: DSA-1399
Debian Security Information: DSA-1570
XForce ISS Database: pcre-class-unicode-bo(38278)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6242
BugTraq ID: 26951
XForce ISS Database: adobe-swf-code-execution(39128)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6244
BugTraq ID: 26929
BugTraq ID: 26949
BugTraq ID: 26960
CERT/CC vulnerability note: VU#758769
XForce ISS Database: adobe-asfunction-protocol-xss(39130)
XForce ISS Database: adobe-navigatetourl-xss(39131)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6245
BugTraq ID: 26969
XForce ISS Database: adobe-unspecified-response-splitting(39134)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6246
BugTraq ID: 26965
XForce ISS Database: adobe-memory-privilege-escalation(39136)
Copyright: Copyright (c) 2007 E-Soft Inc.
