Summary
This host has Adobe Flash Player installed and is prone to multiple security bypass vulnerabilities.
Impact
A successful attack could allow malicious people to bypass certain security restrictions or manipulate certain data.
Impact Level: Application
Solution
Upgrade to Adobe Flash Player 10.0.12.36:
http://www.adobe.com/downloads/
Insight
The flaws are due to:
- A design error in the application that allows access to the system's camera and microphone by tricking the user into clicking Flash Player access control dialogs disguised as normal graphical elements.
- The FileReference.browse() and FileReference.download() methods, which can be called without user interaction and can potentially be used to trick a user into downloading or uploading files.
Affected
Adobe Flash Player 9.x - 9.0.124.0 on Windows.
References
Severity
Classification
- CVE: CVE-2007-4324, CVE-2007-6243, CVE-2008-3873, CVE-2008-4401, CVE-2008-4503
- CVSS Base Score: 10.0
- CVSS Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)