Executive Summary
Summary | |
---|---|
Title | Flash Player information disclosure vulnerability |
Information | |||
---|---|---|---|
Name | VU#110297 | First vendor Publication | 2007-07-12 |
Vendor | VU-CERT | Last vendor Modification | 2007-07-16 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#110297
Flash Player information disclosure vulnerability
Overview
The Adobe Flash Player contains an information disclosure vulnerability that affects the Konqueror and Opera web browsers.
I. Description
Konqueror is the default web browser for the KDE desktop. Opera is a web browser that is available for Windows, Linux and BSD systems.
The Adobe Flash Player contains an information disclosure vulnerability. When using Konqueror or Opera with the Flash Player plugin, keystrokes may be sent to the Flash Player applet instead of the web browser. Adobe has released an update to address this issue. See Adobe Security Bulletin APSB07-12 for more details. Users who get Adobe Flash from their operating system vendor should see the systems affected section of this document.
References
Thanks to Adobe for information that was used in this report. Adobe credits Mark Hills for reporting this issue. This document was written by Ryan Giobbi.
Original Source
Url : http://www.kb.cert.org/vuls/id/110297 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21835 | |||
Oval ID: | oval:org.mitre.oval:def:21835 | ||
Title: | ELSA-2007:0494: kdebase security update (Important) | ||
Description: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0494-02 CVE-2007-2022 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | kdebase |
Definition Id: oval:org.mitre.oval:def:24920 | |||
Oval ID: | oval:org.mitre.oval:def:24920 | ||
Title: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet | ||
Description: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-2022 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player |
Definition Id: oval:org.mitre.oval:def:9332 | |||
Oval ID: | oval:org.mitre.oval:def:9332 | ||
Title: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||
Description: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2022 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for kdebase3 File : nvt/sles9p5014984.nasl |
2009-04-09 | Name : Mandriva Update for kdebase MDKSA-2007:138 (kdebase) File : nvt/gb_mandriva_MDKSA_2007_138.nasl |
2009-01-28 | Name : SuSE Update for flash-player SUSE-SA:2007:046 File : nvt/gb_suse_2007_046.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-01 (netscape-flash) File : nvt/glsa_200708_01.nasl |
2008-09-04 | Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34140 | Adobe Macromedia Flash Player Plug-in Multiple Browser Remote Keystroke Discl... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0494.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070613_kdebase_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-3890.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdebase3-3407.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_flash-player-3889.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kdebase3-3347.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-01.nasl - Type : ACT_GATHER_INFO |
2007-07-18 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b42e8c3234f611dc9bc9001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
2007-07-04 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-138.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0494.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0494.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 12:26:29 |