SSV:2652
History: Dec 21, 2007
Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability

Author: Root
Source: www.seebug.org

EPSS: 0.959 (High), percentile 99.5%

Adobe Flash Player is a widely used player for Flash content.
The ActiveX control shipped with Adobe Flash Player has a flaw in its handling of the navigateToURL API. A remote attacker can exploit it to perform cross-site scripting against arbitrary sites, obtaining sensitive information such as session cookies or mounting further attacks.
navigateToURL takes two arguments: the URL to load and the name of the window or frame in which to load it. A SWF can pass a javascript: URI as the URL while naming a frame that belongs to a different domain; the ActiveX control then hands the URI to that frame, so the script executes in the target frame's security context rather than the SWF's own. Because the injection does not rely on any flaw in the target site, this is a universal XSS: any site that can be loaded into a named frame is exposed. An attacker triggers it by building a malicious web page that embeds such a SWF and luring a user into visiting it.
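To make the missing check concrete, the following is an added example, not code from the seebug advisory, from Adobe, or from the Stanford proof of concept. It models the navigateToURL(url, windowName) decision in JavaScript: the vulnerable path hands a javascript: URL to whichever frame matches the name, so the script runs in that frame's origin, while the hardened path refuses script URLs aimed at any frame whose origin differs from the calling SWF's. The frame names, origins, and function names (makeFrames, navigateToURLVulnerable, navigateToURLHardened) are constructed for illustration and are not Adobe's implementation or the fix Adobe actually shipped.

```javascript
// Added example: a model of the navigateToURL(url, windowName) decision.
// Not Adobe's code; frames, origins and function names are constructed.

// Constructed browser state: named frames and what script each has run.
function makeFrames() {
  return {
    attackerFrame: { origin: "http://attacker.example", executed: [] },
    bankFrame: { origin: "https://bank.example", executed: [] },
  };
}

// Scheme of a URL, lowercased; null if there is none. Leading whitespace and
// mixed case ("  JavaScript:") are normalised so they cannot bypass the check.
function schemeOf(url) {
  const m = /^\s*([a-z][a-z0-9+.\-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// javascript: (and IE's legacy vbscript:) URLs are script execution in the
// target frame, not navigation, so they need the stricter rule.
function isScriptUrl(url) {
  const s = schemeOf(url);
  return s === "javascript" || s === "vbscript";
}

// Origin comparison: scheme and host (including any non-default port) must match.
function sameOrigin(a, b) {
  const ua = new URL(a), ub = new URL(b);
  return ua.protocol === ub.protocol && ua.host === ub.host;
}

// Vulnerable behaviour (the bug described above): the script URL runs in the
// target frame without asking whose frame it is.
function navigateToURLVulnerable(swfOrigin, url, windowName, frames) {
  const target = frames[windowName];
  if (!target) return { status: "no-such-window" };
  if (isScriptUrl(url)) {
    target.executed.push({ script: url, from: swfOrigin });
    return { status: "executed", in: target.origin };
  }
  return { status: "navigated", to: url, in: target.origin };
}

// Hardened behaviour: a script URL may only run in a frame with the same
// origin as the SWF issuing the call. Cross-origin frames can still be
// navigated to ordinary http(s) URLs, which is what the API exists for.
function navigateToURLHardened(swfOrigin, url, windowName, frames) {
  const target = frames[windowName];
  if (!target) return { status: "no-such-window" };
  if (isScriptUrl(url)) {
    if (!sameOrigin(swfOrigin, target.origin)) {
      return { status: "blocked", reason: "cross-origin script target" };
    }
    target.executed.push({ script: url, from: swfOrigin });
    return { status: "executed", in: target.origin };
  }
  const s = schemeOf(url);
  if (s !== "http" && s !== "https") {
    return { status: "blocked", reason: "unsupported scheme " + s };
  }
  return { status: "navigated", to: url, in: target.origin };
}

// An attacker SWF on attacker.example aims a javascript: URL at the bank's
// frame, the ActionScript equivalent of
//   navigateToURL(new URLRequest("javascript:..."), "bankFrame");
function demo() {
  const payload = "javascript:alert(document.cookie)";
  const vuln = navigateToURLVulnerable("http://attacker.example", payload, "bankFrame", makeFrames());
  const fixed = navigateToURLHardened("http://attacker.example", payload, "bankFrame", makeFrames());
  return { vuln, fixed };
}
```

In the vulnerable path the constructed attacker origin ends up with script executing under https://bank.example; the hardened path reports the call as blocked while still allowing the bank's own SWF to script its own frame and allowing anyone to navigate the frame to an http(s) URL.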

RedHat Enterprise Linux Supplementary v.5 server
RedHat Enterprise Linux Extras v.4
RedHat Enterprise Linux Extras v.3
RedHat Enterprise Linux Extras 4.5.z
RedHat Enterprise Linux Desktop Supplementary v.5 client
RedHat Advanced Workstation for the Itanium Processor 2.1
Adobe Flash Player 9.0.48.0
Adobe Flash Player 9.0.47.0
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.28.0
Adobe Flash Player 8.0.34.0
Adobe Flash Player 7.0.69.0
Upgrade:
Adobe addressed this issue in Flash Player 9.0.115.0 (Adobe bulletin APSB07-20); all affected versions listed above (7.0.69.0, 8.0.34.0, 9.0.28.0, 9.0.31.0, 9.0.45.0, 9.0.47.0, 9.0.48.0) should be upgraded to the current release. The advisory's download link for every affected version is the same Linux tarball:
Adobe install_flash_player_9_linux.tar.gz
http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_9_linux.tar.gz
Note that the flaw is in the ActiveX control, which only runs in Internet Explorer on Windows; Windows users need the Windows installer from the same Adobe download site, and Red Hat users should take the updated flash-plugin package from the Supplementary/Extras channels listed above.


A proof-of-concept test program (ActionScript) is available at:
http://crypto.stanford.edu/advisories/CVE-2007-6244/uxssdemo.as