Summary
This host has Adobe Flash Player installed and is prone to multiple security bypass vulnerabilities.
Impact
Successful attack could allow malicious people to bypass certain security restrictions or manipulate certain data.
Impact Level: Application
Solution
Upgrade to Adobe Flash Player 10.0.12.36
http://www.adobe.com/downloads/
Insight
The flaws are due to,
- a design error in the application that allows access to the system's camera and microphone by tricking the user into clicking Flash Player access control dialogs disguised as normal graphical elements.
- FileReference.browse() and FileReference.download() methods which can be called without user interaction and can potentially be used to trick a user into downloading or uploading files.
Affected
Adobe Flash Player 9.x - 9.0.124.0 on Linux
References
Severity
Classification
-
CVE CVE-2007-4324, CVE-2007-6243, CVE-2008-3873, CVE-2008-4401, CVE-2008-4503 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Mac OS X
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)