English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67544
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0464
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0464.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-14, listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,
CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,
CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)

An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)

A denial of service flaw was found in the way flash-plugin processed
certain SWF content. An attacker could use this flaw to create a
specially-crafted SWF file that would cause flash-plugin to crash.
(CVE-2008-4546)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.1.53.64.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0464.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-14.html

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-4546
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BugTraq ID: 31537
http://www.securityfocus.com/bid/31537
Bugtraq: 20081002 Adobe Flash Player plug-in null pointer dereference and browser crash (Google Search)
http://www.securityfocus.com/archive/1/496929/100/0/threaded
Cert/CC Advisory: TA10-162A
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
http://security.gentoo.org/glsa/glsa-201101-09.xml
HPdes Security Advisory: HPSBMA02547
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HPdes Security Advisory: SSRT100179
http://www.mochimedia.com/~matthew/flashcrash/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187
http://www.redhat.com/support/errata/RHSA-2010-0464.html
http://www.redhat.com/support/errata/RHSA-2010-0470.html
http://securitytracker.com/id?1024085
http://securitytracker.com/id?1024086
http://secunia.com/advisories/32759
http://secunia.com/advisories/40545
http://secunia.com/advisories/43026
http://securityreason.com/securityalert/4401
SuSE Security Announcement: SUSE-SA:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
TurboLinux Advisory: TLSA-2010-19
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
http://www.vupen.com/english/advisories/2010/1421
http://www.vupen.com/english/advisories/2010/1432
http://www.vupen.com/english/advisories/2010/1434
http://www.vupen.com/english/advisories/2010/1453
http://www.vupen.com/english/advisories/2010/1482
http://www.vupen.com/english/advisories/2010/1522
http://www.vupen.com/english/advisories/2010/1793
http://www.vupen.com/english/advisories/2011/0192
XForce ISS Database: adobe-flash-version-dos(45630)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45630
Common Vulnerability Exposure (CVE) ID: CVE-2009-3793
BugTraq ID: 40759
http://www.securityfocus.com/bid/40759
BugTraq ID: 40809
http://www.securityfocus.com/bid/40809
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7205
http://secunia.com/advisories/40144
Common Vulnerability Exposure (CVE) ID: CVE-2010-1297
BugTraq ID: 40586
http://www.securityfocus.com/bid/40586
Cert/CC Advisory: TA10-159A
http://www.us-cert.gov/cas/techalerts/TA10-159A.html
CERT/CC vulnerability note: VU#486225
http://www.kb.cert.org/vuls/id/486225
http://www.exploit-db.com/exploits/13787
http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/
http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx
http://www.osvdb.org/65141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116
http://securitytracker.com/id?1024057
http://securitytracker.com/id?1024058
http://secunia.com/advisories/40026
http://secunia.com/advisories/40034
http://www.vupen.com/english/advisories/2010/1348
http://www.vupen.com/english/advisories/2010/1349
http://www.vupen.com/english/advisories/2010/1636
XForce ISS Database: adobe-authplay-code-execution(59137)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59137
Common Vulnerability Exposure (CVE) ID: CVE-2010-2160
BugTraq ID: 40779
http://www.securityfocus.com/bid/40779
Bugtraq: 20100625 ZDI-10-114: Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512020/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7508
Common Vulnerability Exposure (CVE) ID: CVE-2010-2161
BugTraq ID: 40781
http://www.securityfocus.com/bid/40781
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15576
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7303
Common Vulnerability Exposure (CVE) ID: CVE-2010-2162
BugTraq ID: 40801
http://www.securityfocus.com/bid/40801
Bugtraq: 20100616 ZDI-10-109: Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/511862/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7166
Common Vulnerability Exposure (CVE) ID: CVE-2010-2163
BugTraq ID: 40803
http://www.securityfocus.com/bid/40803
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7501
Common Vulnerability Exposure (CVE) ID: CVE-2010-2164
BugTraq ID: 40780
http://www.securityfocus.com/bid/40780
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15798
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6765
Common Vulnerability Exposure (CVE) ID: CVE-2010-2165
BugTraq ID: 40782
http://www.securityfocus.com/bid/40782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6781
Common Vulnerability Exposure (CVE) ID: CVE-2010-2166
BugTraq ID: 40783
http://www.securityfocus.com/bid/40783
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15541
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7431
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.