
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0221

The remote host is missing updates announced in
advisory RHSA-2008:0221.

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.

Several input validation flaws were found in the way Flash Player displayed
certain content. These may have made it possible to execute arbitrary code
on a victim's machine, if the victim opened a malicious Adobe Flash file.
(CVE-2007-0071, CVE-2007-6019)

A flaw was found in the way Flash Player established TCP sessions to remote
hosts. A remote attacker could, consequently, use Flash Player to conduct a
DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)

A flaw was found in the way Flash Player restricted the interpretation and
usage of cross-domain policy files. A remote attacker could use Flash
Player to conduct cross-domain and cross-site scripting attacks.
(CVE-2007-6243, CVE-2008-1654)

A flaw was found in the way Flash Player interacted with web browsers. An
attacker could use malicious content presented by Flash Player to conduct a
cross-site scripting attack. (CVE-2007-6637)

All users of Adobe Flash Player should upgrade to this updated package,
which contains Flash Player version and resolves these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-5275
BugTraq ID: 26930
CERT/CC Advisory: TA07-355A
CERT/CC Advisory: TA08-100A
CERT/CC Advisory: TA08-150A
SuSE Security Announcement: SUSE-SA:2007:069
SuSE Security Announcement: SUSE-SA:2008:022
Common Vulnerability Exposure (CVE) ID: CVE-2007-6243
BugTraq ID: 26929
BugTraq ID: 26966
CERT/CC vulnerability note: VU#935737
SuSE Security Announcement: SUSE-SR:2008:025
XForce ISS Database: adobe-unspecified-security-bypass(39129)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6637
BugTraq ID: 27034
Common Vulnerability Exposure (CVE) ID: CVE-2007-6019
BugTraq ID: 28694
Bugtraq: 20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
Bugtraq: 20080414 Secunia Research: Adobe Flash Player "Declare Function (V7)" Heap Overflow
XForce ISS Database: adobe-flash-declarefunction2-bo(41717)
Common Vulnerability Exposure (CVE) ID: CVE-2007-0071
BugTraq ID: 28695
BugTraq ID: 29386
CERT/CC Advisory: TA08-149A
CERT/CC vulnerability note: VU#159523
CERT/CC vulnerability note: VU#395473
ISS Security Advisory: 20080408 Adobe Flash Player Invalid Pointer Vulnerability
XForce ISS Database: multimedia-file-integer-overflow(37277)
Common Vulnerability Exposure (CVE) ID: CVE-2008-1655
BugTraq ID: 28697
XForce ISS Database: adobe-flash-dnsrebinding-security-bypass(41807)
Common Vulnerability Exposure (CVE) ID: CVE-2008-1654
BugTraq ID: 28696
Bugtraq: 20080113 Hacking The Interwebs
CERT/CC vulnerability note: VU#347812
XForce ISS Database: adobe-flash-navigatetourl-csrf(41718)
Copyright: Copyright (c) 2008 E-Soft Inc.
