CVE-2007-6242 – flash: abitrary code execution
https://notcve.org/view.php?id=CVE-2007-6242
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." Vulnerabilidad no especificada en Adobe Flash Player 9.0.48.0 y anteriores podría permitir a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, relacionado con "error de validación de entrada". • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml • CWE-20: Improper Input Validation •
CVE-2007-6243 – Flash Player cross-domain and cross-site scripting flaws
https://notcve.org/view.php?id=CVE-2007-6243
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0 no restringe suficientemente la interpretación y uso de los ficheros de políticas de cruce de dominios, lo cual facilita a atacantes remotos llevar a cabo ataques de salto de dominio y de secuencias de comandos en sitios cruzados (XSS). • http://jvn.jp/jp/JVN%2345675516/index.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/29763 http • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-6244 – Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2007-6244
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Adobe Flash Player 9.x hasta la 9.0.48.0 y 8.x hasta la 8.0.35.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un (1) archivo SWF que utiliza la función as: protocol o (2) la función navigateToURL cuando se utiliza con el Control ActiveX Flash Player en Internet Explorer. • https://www.exploit-db.com/exploits/30907 https://www.exploit-db.com/exploits/30905 http://crypto.stanford.edu/advisories/CVE-2007-6244 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6245 – flash: HTTP headers modification
https://notcve.org/view.php?id=CVE-2007-6245
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0 permite a atacantes remotos modificar las cabeceras HTTP para peticiones de cliente y llevar a cabo ataques de División de Petición HTTP. • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-6246 – flash: privilege escalation
https://notcve.org/view.php?id=CVE-2007-6246
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0, cuando se ejecuta en Linux, usa permisos inseguros para la memoria, lo cual podría permitir a usuarios locales obtener privilegios. • http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml • CWE-264: Permissions, Privileges, and Access Controls •