Summary
This host has Adobe Flash Player installed and is prone to multiple security bypass vulnerabilities.
Impact
Successful attack could allow malicious people to bypass certain security restrictions or manipulate certain data.
Impact Level: Application
Solution
Upgrade to Adobe Flash Player 10.0.12.36
http://www.adobe.com/downloads/
Insight
The flaws are due to,
- a design error in the application that allows access to the system's camera and microphone by tricking the user into clicking Flash Player access control dialogs disguised as normal graphical elements.
- FileReference.browse() and FileReference.download() methods which can be called without user interaction and can potentially be used to trick a user into downloading or uploading files.
Affected
Adobe Flash Player 9.x - 9.0.124.0 on Linux
References
Severity
Classification
-
CVE CVE-2007-4324, CVE-2007-6243, CVE-2008-3873, CVE-2008-4401, CVE-2008-4503 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)