
  SecPod ID: 10226                                            Status: Public Report
  Adobe Flash Player for Linux Remote Code Execution          Severity: High
  Vulnerability                                               Release Date: 18-12-2008
                                                              CVSS Base Score: 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
                                                              CVSS Temporal Score  = 6.9
                                                              Impact Level:  Application

  Affected Software/OS/Device:
  - Adobe Flash Player for Linux 10.0.12.36
  - Adobe Flash Player for Linux 9.0.151.0 and prior.

  OpenVAS Plugin ID: 
  Snort Signature ID:
  OVAL ID: 

  Vulnerability Insight:

  Overview:
  Adobe Flash Player is prone to a remote code execution vulnerability.

  Description:
  A critical vulnerability exists in Adobe Flash Player for Linux: loading a
  specially crafted SWF file lets an attacker execute arbitrary code
  remotely and take control of the affected system.

  Impact:
  Successful exploitation will let the attacker execute arbitrary code in the
  context of the application and gain sensitive information to compromise the
  remote host.

  CVSS Score Report:
      ACCESS_VECTOR = NETWORK
      ACCESS_COMPLEXITY = MEDIUM
      AUTHENTICATION = NOT_REQUIRED
      CONFIDENTIALITY_IMPACT = COMPLETE
      INTEGRITY_IMPACT = COMPLETE
      AVAILABILITY_IMPACT = COMPLETE
      EXPLOITABILITY = UNPROVEN
      REMEDIATION_LEVEL = OFFICIAL_FIX
      REPORT_CONFIDENCE = CONFIRMED
      CVSS Base Score = 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
      CVSS Temporal Score = 6.9
      Risk factor = High

  
  Fix:
  Upgrade to Flash Player 10.0.15.3,
  http://get.adobe.com/flashplayer

  References: 
  http://www.vupen.com/english/advisories/2008/3449
  http://www.adobe.com/support/security/bulletins/apsb08-24.html
