Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.

An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in.

Several input validation flaws were found in the way Flash Player displays certain content. It may be possible to execute arbitrary code on a victim's machine, if the victim opens a malicious Adobe Flash file. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)

A flaw was found in the way Flash Player handled the asfunction:
protocol. Malformed SWF files could perform a cross-site scripting attack. (CVE-2007-6244)

A flaw was found in the way Flash Player modified HTTP request headers. Malicious content could allow Flash Player to conduct a HTTP response splitting attack. (CVE-2007-6245)

A flaw was found in the way Flash Player processes certain SWF content. A malicious SWF file could allow a remote attacker to conduct a port scanning attack from the client's machine. (CVE-2007-4324)

A flaw was found in the way Flash Player establishes TCP sessions. A remote attacker could use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275)

Users of Adobe Flash Player are advised to upgrade to this updated package, which contains version 9.0.115.0 and resolves these issues.

The remote host is affected by the vulnerability described in GLSA-200801-07 (Adobe Flash Player: Multiple vulnerabilities)

    Flash contains a copy of PCRE which is vulnerable to a heap-based     buffer overflow (GLSA 200711-30, CVE-2007-4768).
    Aaron Portnoy reported an unspecified vulnerability related to     input validation (CVE-2007-6242).
    Jesse Michael and Thomas Biege reported that Flash does not     correctly set memory permissions (CVE-2007-6246).
    Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong     Shao reported that Flash does not pin DNS hostnames to a single IP     addresses, allowing for DNS rebinding attacks (CVE-2007-5275).
    David Neu reported an error withing the implementation of the     Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).
    Toshiharu Sugiyama reported that Flash does not sufficiently     restrict the interpretation and usage of cross-domain policy files,     allowing for easier cross-site scripting attacks (CVE-2007-6243).
    Rich Cannings reported a cross-site scripting vulnerability in the     way the 'asfunction:' protocol was handled (CVE-2007-6244).
    Toshiharu Sugiyama discovered that Flash allows remote attackers to     modify HTTP headers for client requests and conduct HTTP Request     Splitting attacks (CVE-2007-6245).
  Impact :

    A remote attacker could entice a user to open a specially crafted file     (usually in a web browser), possibly leading to the execution of     arbitrary code with the privileges of the user running the Adobe Flash     Player. The attacker could also cause a user's machine to establish TCP     sessions with arbitrary hosts, bypass the Security Sandbox Model,     obtain sensitive information, port scan arbitrary hosts, or conduct     cross-site-scripting attacks.
  Workaround :

    There is no known workaround at this time.

Adobe Security bulletin :

Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.

This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.
(CVE-2007-4324 / CVE-2007-4768 / CVE-2007-5275 / CVE-2007-6242 / CVE-2007-6243 / CVE-2007-6244 / CVE-2007-6245 / CVE-2007-6246)

Note: Since Adobe doesn't support browsers other than Firefox and Mozilla, this update doesn't work with browsers such as Konqueror.
Updates for konquerors are already in the works.

This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.
(CVE-2007-4324, CVE-2007-4768, CVE-2007-5275, CVE-2007-6242, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-6246)

Note: Since Adobe doesn't support browsers other than Firefox and Mozilla, this update doesn't work with browsers such as Konqueror.
Updates for konquerors are already in the works.

 According to its version number, the instance of Flash Player on the remote Windows host is affected by multiple issues, including several that could allow for arbitrary code execution by means of a malicious SWF file.

According to its version number, the instance of Flash Player on the remote Windows host is affected by multiple issues, including several which could allow for arbitrary code execution by means of a malicious SWF file.

ID	Name	Product	Family	Severity
40711	RHEL 3 / 4 / 5 : flash-plugin (RHSA-2007:1126)	Nessus	Red Hat Local Security Checks	high
30031	GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
29849	FreeBSD : linux-flashplugin -- multiple vulnerabilities (562cf6c4-b9f1-11dc-a302-000102cc8983)	Nessus	FreeBSD Local Security Checks	critical
29785	SuSE 10 Security Update : flash-player (ZYPP Patch Number 4856)	Nessus	SuSE Local Security Checks	high
29784	openSUSE 10 Security Update : flash-player (flash-player-4855)	Nessus	SuSE Local Security Checks	high
4322	Flash Player < 9.0.115.0 / 7.0.73.0 APSB07-20 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
29741	Flash Player < 7.0.73.0 / 9.0.115.0 Multiple Vulnerabilities (APSB07-20)	Nessus	Windows	high

Detections

Analytics

CVE-2007-6244

medium

Tenable Plugins

high

high

critical

high

high

high

high