Flash Player < 7.0.19.0 Predictable Data Location Weakness

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by a remote
file disclosure vulnerability.

Description :

The remote host is running a version of Flash Player older than
7.0.19.0.

Such versions can be abused in conjunction with several flaws in the
web browser to read local files on an affected system.

To exploit this issue, an attacker would need to lure a user of the
software into visiting a rogue website containing a malicious Flash
applet.

See also :

http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html

Solution :

Upgrade to version 7.0.19.0 or newer.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 11952 (flash_player_local_files.nasl)

Bugtraq ID: 8900

CVE ID: CVE-2003-1017

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now