Test ID:	1.3.6.1.4.1.25623.1.0.64511
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:1188
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:1188.;;The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash;Player web browser plug-in.;;Multiple security flaws were found in the way Flash Player displayed;certain SWF content. An attacker could use these flaws to create a;specially-crafted SWF file that would cause flash-plugin to crash or,;possibly, execute arbitrary code when the victim loaded a page containing;the specially-crafted SWF content. (CVE-2009-1862, CVE-2009-1863,;CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1868, CVE-2009-1869);;A clickjacking flaw was discovered in Flash Player. A specially-crafted;SWF file could trick a user into unintentionally or mistakenly clicking a;link or a dialog. (CVE-2009-1867);;A flaw was found in the Flash Player local sandbox. A specially-crafted;SWF file could cause information disclosure when it was saved to the hard;drive. (CVE-2009-1870);;All users of Adobe Flash Player should install this updated package, which;upgrades Flash Player to version 10.0.32.18.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1188. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1868, CVE-2009-1869) A clickjacking flaw was discovered in Flash Player. A specially-crafted SWF file could trick a user into unintentionally or mistakenly clicking a link or a dialog. (CVE-2009-1867) A flaw was found in the Flash Player local sandbox. A specially-crafted SWF file could cause information disclosure when it was saved to the hard drive. (CVE-2009-1870) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.32.18. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1862 http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html BugTraq ID: 35759 http://www.securityfocus.com/bid/35759 CERT/CC vulnerability note: VU#259425 http://www.kb.cert.org/vuls/id/259425 http://security.gentoo.org/glsa/glsa-200908-04.xml http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html http://bugs.adobe.com/jira/browse/FP-1265 http://isc.sans.org/diary.html?storyid=6847 http://news.cnet.com/8301-27080_3-10293389-245.html http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99 http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 Common Vulnerability Exposure (CVE) ID: CVE-2009-1863 BugTraq ID: 35890 http://www.securityfocus.com/bid/35890 BugTraq ID: 35900 http://www.securityfocus.com/bid/35900 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6961 http://www.securitytracker.com/id?1022629 http://www.vupen.com/english/advisories/2009/2086 XForce ISS Database: adobe-flash-air-code-execution(52179) https://exchange.xforce.ibmcloud.com/vulnerabilities/52179 Common Vulnerability Exposure (CVE) ID: CVE-2009-1864 BugTraq ID: 35904 http://www.securityfocus.com/bid/35904 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16133 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6660 XForce ISS Database: flash-air-unspecified-bo(52184) https://exchange.xforce.ibmcloud.com/vulnerabilities/52184 Common Vulnerability Exposure (CVE) ID: CVE-2009-1865 BugTraq ID: 35906 http://www.securityfocus.com/bid/35906 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011 XForce ISS Database: flash-air-code-execution-var1(52182) https://exchange.xforce.ibmcloud.com/vulnerabilities/52182 Common Vulnerability Exposure (CVE) ID: CVE-2009-1866 BugTraq ID: 35901 http://www.securityfocus.com/bid/35901 http://osvdb.org/56774 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16198 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7271 XForce ISS Database: flash-air-unspecified-bo-var2(52186) https://exchange.xforce.ibmcloud.com/vulnerabilities/52186 Common Vulnerability Exposure (CVE) ID: CVE-2009-1867 BugTraq ID: 35905 http://www.securityfocus.com/bid/35905 http://osvdb.org/56775 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694 XForce ISS Database: flash-air-unspecified-clickjacking(52183) https://exchange.xforce.ibmcloud.com/vulnerabilities/52183 Common Vulnerability Exposure (CVE) ID: CVE-2009-1868 BugTraq ID: 35902 http://www.securityfocus.com/bid/35902 http://osvdb.org/56776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865 XForce ISS Database: flash-air-unspecified-bo-var1(52185) https://exchange.xforce.ibmcloud.com/vulnerabilities/52185 Common Vulnerability Exposure (CVE) ID: CVE-2009-1869 BugTraq ID: 35907 http://www.securityfocus.com/bid/35907 Bugtraq: 20090802 Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869) (Google Search) http://www.securityfocus.com/archive/1/505467/100/0/threaded http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html http://osvdb.org/56777 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15994 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6998 XForce ISS Database: flash-air-code-execution(52181) https://exchange.xforce.ibmcloud.com/vulnerabilities/52181 Common Vulnerability Exposure (CVE) ID: CVE-2009-1870 BugTraq ID: 35908 http://www.securityfocus.com/bid/35908 http://osvdb.org/56778 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648 XForce ISS Database: flash-air-sandbox-info-disclosure(52180) https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.