|
|
Subscribe / Log in / New account

flash-plugin: several vulnerabilities

Package(s):flash-plugin CVE #(s):CVE-2008-3873 CVE-2008-4401 CVE-2008-4503
Created:October 28, 2008 Updated:November 14, 2008
Description: From the Red Hat advisory:

A flaw was found in the way Adobe Flash Player wrote content to the clipboard. A malicious SWF file could populate the clipboard with a URL that could cause the user to mistakenly load an attacker-controlled URL. (CVE-2008-3873)

A flaw was found which allowed Adobe Flash Player's ActionScript to initiate file uploads and downloads without user interaction. FileReference.browse and FileReference.download calls can now only be initiated via user interaction, such as mouse-clicks or key-presses on the keyboard. (CVE-2008-4401)

A flaw was found in Adobe Flash Player's display of the Settings Manager content. A malicious SWF file could trick the user into unknowingly clicking a link or dialog. This could then give the malicious SWF file permission to access the local machine's camera or microphone. (CVE-2008-4503)

Alerts:
SuSE SUSE-SR:2008:025 apache2, ipsec-tools, kernel-bigsmp, flash-player, mysql, ktorrent 2008-11-14
Red Hat RHSA-2008:0980-02 flash-plugin 2008-11-12
Red Hat RHSA-2008:0945-01 flash-plugin 2008-10-28
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds