Flash Player < / Multiple Vulnerabilities (APSB08-18 / APSB08-20 / APSB08-22)

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a browser plugin that is affected by
multiple issues.

Description :

According to its version number, an instance of Flash Player on the
remote Windows host is or earlier. Such versions are
potentially affected by several vulnerabilities :

- A potential port-scanning issue. (CVE-2007-4324)

- Possible privilege escalation attacks against web
servers hosting Flash content and cross-domain policy
files. (CVE-2007-6243)

- Potential Clipboard attacks. (CVE-2008-3873)

- FileReference upload and download APIs that don't
require user interaction. (CVE-2008-4401)

- A 'Clickjacking' issue that could be abused by an
attacker to lure a web browser user into unknowingly
clicking on a link or dialog. (CVE-2008-4503)

- A potential cross-site scripting vulnerability.

- A potential issue that could be leveraged to conduct
a DNS rebinding attack. (CVE-2008-4819)

- An information disclosure issue affecting only the
ActiveX control. (CVE-2008-4820)

- An information disclosure issue involving interpretation
of the 'jar:' protocol and affecting only the plugin for
Mozilla browsers. (CVE-2008-4821)

- An issue with policy file interpretation could
potentially lead to bypass of a non-root domain policy.

- A potential HTML injection issue involving an
ActionScript attribute. (CVE-2008-4823)

- Multiple input validation errors could potentially lead
to execution of arbitrary code. (CVE-2008-4824)

See also :


Solution :

Upgrade to Flash Player version / or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
