SuSE 10 Security Update : flash-player (ZYPP Patch Number 7763)
High Nessus Plugin ID 57194
The remote SuSE 10 host is missing a security-related patch.
This update resolves - a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website. (CVE-2011-2444) Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. - an AVM stack overflow issue that may allow for remote code execution. (CVE-2011-2426) - an AVM stack overflow issue that may lead to denial of service and code execution. (CVE-2011-2427). - a logic error issue which causes a browser crash and may lead to code execution. (CVE-2011- 2428). - a Flash Player security control bypass which could allow information disclosure. (CVE-2011-2429). - a streaming media logic error vulnerability which could lead to code execution. (CVE-2011-2430).