The remote host is probably affected by the vulnerabilities described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637, CVE-2008-1654, CVE-2008-1655.
- CVE-2007-5275: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
- CVE-2007-6019: Adobe Flash Player 18.104.22.168 and earlier, and 22.214.171.124 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
- CVE-2007-6243: Adobe Flash Player 9.x up to 126.96.36.199, 8.x up to 188.8.131.52, and 7.x up to 184.108.40.206 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
- CVE-2007-6637: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to 'pre-generated SWF files' and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
- CVE-2008-1654: Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
- CVE-2008-1655: Unspecified vulnerability in Adobe Flash Player 220.127.116.11 and earlier, and 18.104.22.168 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
All Adobe Flash Player users should upgrade to the latest version: http://get.adobe.com/flashplayer/
Updated on 2015-03-25
CVE: CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637, CVE-2008-1654, CVE-2008-1655
CVSS Base Score: 9.3