Rapid7 Vulnerability & Exploit Database

SUSE-SA:2007:069: flash-player

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2007:069: flash-player

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

12/21/2007

Created

07/25/2018

Added

03/10/2008

Modified

11/18/2015

Description

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

Solution(s)

References

https://attackerkb.com/topics/cve-2007-4324
APPLE-SA-2007-12-17
APPLE-SA-2008-03-18
APPLE-SA-2008-05-28
25260
26346
26929
26930
26949
26951
26960
26965
26966
26969
TA07-352A
TA07-355A
TA08-100A
TA08-150A
758769
935737
CVE - 2007-4324
CVE - 2007-4768
CVE - 2007-5275
CVE - 2007-6242
CVE - 2007-6243
CVE - 2007-6244
CVE - 2007-6245
CVE - 2007-6246
DSA-1399
DSA-1570
OVAL10210
OVAL10519
OVAL11069
OVAL11874
OVAL9188
OVAL9250
OVAL9546
OVAL9701
RHSA-2007:1126
RHSA-2008:0221
RHSA-2008:0945
RHSA-2008:0980
SUSE-SA:2007:069
SUSE-SA:2008:022
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://crypto.stanford.edu/advisories/CVE-2007-6244/
http://crypto.stanford.edu/dns/dns-rebinding.pdf
http://docs.info.apple.com/article.html?artnum=307179
http://docs.info.apple.com/article.html?artnum=307562
http://jvn.jp/jp/JVN%2345675516/index.html
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2
http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
http://scan.flashsec.org/
http://securityreason.com/securityalert/2995
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html
http://www.adobe.com/support/security/bulletins/apsb07-20.html
http://www.adobe.com/support/security/bulletins/apsb08-11.html
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.debian.org/security/2007/dsa-1399
http://www.frsirt.com/english/advisories/2007/3725
http://www.frsirt.com/english/advisories/2007/3790
http://www.frsirt.com/english/advisories/2007/4238
http://www.frsirt.com/english/advisories/2007/4258
http://www.frsirt.com/english/advisories/2008/0924/references
http://www.frsirt.com/english/advisories/2008/1697
http://www.frsirt.com/english/advisories/2008/1724/references
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
http://www.novell.com/linux/security/advisories/2007_69_flashplayer.html
http://www.securityfocus.com/archive/1/archive/1/475961/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/483357/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/483579/100/0/threaded
http://www.ubuntulinux.org/support/documentation/usn/usn-547-1
https://issues.rpath.com/browse/RPL-1738
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
38278
39128
39129
39130
39131
39134
39136

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;