| VID |
28224 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Macromedia Flash Player before 8.0.42.0 / 9.0.124.0 has been installed on the host. Macromedia Flash Player versions 9.0.115.0 and earlier, 8.0.39.0 and earlier could allow a remote attacker to execute arbitrary code on the system via a specially-crafted SWF file. In addition, it might also allow a remote attacker to perform arbitrary HTTP requests facilitating cross-site request forgery, information disclosure, and other attacks against a user who visits a malicious web site.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
* Platforms Affected:
Adobe Systems Incorporated, Macromedia Flash Player for Windows versions 8.0.39.0 and earlier
Adobe Systems Incorporated, Macromedia Flash Player for Windows versions 9.0.115.0 and earlier
Apple Mac OS X Any version
Linux Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Macromedia Flash Player (8.0.42.0 or 9.0.124.0 or later), available from the Adobe Web site at http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash |
| Related URL |
CVE-2007-0071,CVE-2007-5275,CVE-2007-6019,CVE-2007-6243,CVE-2007-6637,CVE-2008-1654,CVE-2008-1655 (CVE) |
| Related URL |
26930,26966,27034,28694,28695,28696,28697 (SecurityFocus) |
| Related URL |
37277,38334,39129,39193,39495,41717,41807,41718 (ISS) |
|
