Test ID:	1.3.6.1.4.1.25623.1.0.800027
Category:	General
Title:	Adobe Flash Player Multiple Security Bypass Vulnerabilities (Win)
Summary:	Check for the version of Adobe Flash Player
Description:	Overview: This host has Adobe Flash Player installed and is prone to multiple security bypass vulnerabilities. Vulnerability Insight: The flaws are due to, - a design error in the application allows access to the system's camera and microphone by tricking the user into clicking Flash Player access control dialogs disguised as normal graphical elements. - FileReference.browse() and FileReference.download() methods can be called without user interaction and can potentially be used to trick a user into downloading or uploading files. Impact: Successful attack could allow malicious people to bypass certain security restrictions or manipulate certain data. Impact Level: Application Affected Software/OS: Adobe Flash Player 9.x - 9.0.124.0 on Windows. Fix: Upgrade to Adobe Flash Player 10.0.12.36, http://www.adobe.com/downloads/ References: http://secunia.com/advisories/32163/ http://www.adobe.com/support/security/bulletins/apsb08-18.html http://www.adobe.com/support/security/advisories/apsa08-08.html http://blogs.adobe.com/psirt/2008/10/clickjacking_security_advisory.html
Cross-Ref:	BugTraq ID: 31117 Common Vulnerability Exposure (CVE) ID: CVE-2007-6243 http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml http://www.redhat.com/support/errata/RHSA-2008-0221.html http://www.redhat.com/support/errata/RHSA-2008-0945.html http://www.redhat.com/support/errata/RHSA-2008-0980.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 SuSE Security Announcement: SUSE-SA:2007:069 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html SuSE Security Announcement: SUSE-SA:2008:022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html SuSE Security Announcement: SUSE-SR:2008:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html Cert/CC Advisory: TA07-355A http://www.us-cert.gov/cas/techalerts/TA07-355A.html Cert/CC Advisory: TA08-100A http://www.us-cert.gov/cas/techalerts/TA08-100A.html Cert/CC Advisory: TA08-150A http://www.us-cert.gov/cas/techalerts/TA08-150A.html CERT/CC vulnerability note: VU#935737 http://www.kb.cert.org/vuls/id/935737 http://jvn.jp/jp/JVN%2345675516/index.html BugTraq ID: 26929 http://www.securityfocus.com/bid/26929 BugTraq ID: 26966 http://www.securityfocus.com/bid/26966 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11069 http://www.vupen.com/english/advisories/2007/4258 http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/advisories/2008/1724/references http://securitytracker.com/id?1019116 http://secunia.com/advisories/28161 http://secunia.com/advisories/28570 http://secunia.com/advisories/28213 http://secunia.com/advisories/29763 http://secunia.com/advisories/29865 http://secunia.com/advisories/30430 http://secunia.com/advisories/30507 http://secunia.com/advisories/32448 http://secunia.com/advisories/32759 http://secunia.com/advisories/32702 http://secunia.com/advisories/33390 XForce ISS Database: adobe-unspecified-security-bypass(39129) http://xforce.iss.net/xforce/xfdb/39129 Common Vulnerability Exposure (CVE) ID: CVE-2008-3873 http://blogs.zdnet.com/security/?p=1733 http://blogs.zdnet.com/security/?p=1759 http://security.gentoo.org/glsa/glsa-200903-23.xml http://www.securityfocus.com/bid/31117 http://secunia.com/advisories/34226 http://www.vupen.com/english/advisories/2008/2838 http://securitytracker.com/id?1020724 XForce ISS Database: adobe-flash-setclipboard-hijacking(44584) http://xforce.iss.net/xforce/xfdb/44584 Common Vulnerability Exposure (CVE) ID: CVE-2007-4324 Bugtraq: 20070809 Design flaw in AS3 socket handling allows port probing (Google Search) http://www.securityfocus.com/archive/1/archive/1/475961/100/0/threaded http://scan.flashsec.org/ http://www.redhat.com/support/errata/RHSA-2007-1126.html BugTraq ID: 25260 http://www.securityfocus.com/bid/25260 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11874 http://secunia.com/advisories/28157 http://secunia.com/advisories/32270 http://securityreason.com/securityalert/2995 Common Vulnerability Exposure (CVE) ID: CVE-2008-4401 http://securitytracker.com/id?1021061 XForce ISS Database: adobe-flash-filereference-file-upload(45913) http://xforce.iss.net/xforce/xfdb/45913 Common Vulnerability Exposure (CVE) ID: CVE-2008-4503 http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/ http://ha.ckers.org/blog/20081007/clickjacking-details/ BugTraq ID: 31625 http://www.securityfocus.com/bid/31625 http://www.vupen.com/english/advisories/2008/2764 http://www.securitytracker.com/id?1020996 http://secunia.com/advisories/32163 XForce ISS Database: adobe-flash-click-hijacking(45721) http://xforce.iss.net/xforce/xfdb/45721
Copyright	Copyright (C) 2008 Greenbone Networks GmbH

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: