Summary
This host is installed with Adobe Flash Player/Air and is prone to multiple Denial of Service vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code, gain elevated privileges, gain knowledge of certain information and conduct clickjacking attacks.
Impact Level: System/Application
Solution
Update to Adobe AIR 1.5.2 or Adobe Flash Player 9.0.246.0 or 10.0.32.18.
http://get.adobe.com/air
http://www.adobe.com/support/flashplayer/downloads.html
Insight
Multiple vulnerabilities can be exploited to cause memory corruption, null pointer, privilege escalation, heap-based buffer overflow, local sandbox bypass, and input validation errors when processing specially crafted web pages.
Affected
Adobe AIR versions prior to 1.5.2
Adobe Flash Player 9 versions prior to 9.0.246.0
Adobe Flash Player 10 versions prior to 10.0.32.18 on Linux.
References
Severity
Classification
- CVE: CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- CA kmxfw.sys Code Execution and DoS Vulnerabilities
- Adobe Digital Edition Denial of Service Vulnerability (Windows)
- Epson EventManager 'x-protocol-version' Denial of Service Vulnerability
- Adobe Reader '.ETD File' Denial of Service Vulnerability (Linux)
- BreakPoint Software Hex Workshop Denial of Service vulnerability