English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 94899 CVE descriptions
and 51984 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67545
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0470
Summary:Redhat Security Advisory RHSA-2010:0470
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0470.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-14,
listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,
CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170,
CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)

An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 9.0.277.0.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0470.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-14.html

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-3793
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://security.gentoo.org/glsa/glsa-201101-09.xml
HPdes Security Advisory: HPSBMA02547
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HPdes Security Advisory: SSRT100179
http://www.redhat.com/support/errata/RHSA-2010-0464.html
http://www.redhat.com/support/errata/RHSA-2010-0470.html
SuSE Security Announcement: SUSE-SA:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
TurboLinux Advisory: TLSA-2010-19
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
Cert/CC Advisory: TA10-162A
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
BugTraq ID: 40759
http://www.securityfocus.com/bid/40759
BugTraq ID: 40809
http://www.securityfocus.com/bid/40809
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7205
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16223
http://securitytracker.com/id?1024085
http://securitytracker.com/id?1024086
http://secunia.com/advisories/40144
http://secunia.com/advisories/40545
http://secunia.com/advisories/43026
http://www.vupen.com/english/advisories/2010/1453
http://www.vupen.com/english/advisories/2010/1421
http://www.vupen.com/english/advisories/2010/1432
http://www.vupen.com/english/advisories/2010/1434
http://www.vupen.com/english/advisories/2010/1482
http://www.vupen.com/english/advisories/2010/1522
http://www.vupen.com/english/advisories/2010/1793
http://www.vupen.com/english/advisories/2011/0192
Common Vulnerability Exposure (CVE) ID: CVE-2010-2160
Bugtraq: 20100625 ZDI-10-114: Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/512020/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-114
BugTraq ID: 40779
http://www.securityfocus.com/bid/40779
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7508
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16083
Common Vulnerability Exposure (CVE) ID: CVE-2010-2161
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=871
BugTraq ID: 40781
http://www.securityfocus.com/bid/40781
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7303
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15576
Common Vulnerability Exposure (CVE) ID: CVE-2010-2162
Bugtraq: 20100616 ZDI-10-109: Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/511862/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-109
BugTraq ID: 40801
http://www.securityfocus.com/bid/40801
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7166
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16345
Common Vulnerability Exposure (CVE) ID: CVE-2010-2163
BugTraq ID: 40803
http://www.securityfocus.com/bid/40803
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7501
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16316
Common Vulnerability Exposure (CVE) ID: CVE-2010-2164
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872
BugTraq ID: 40780
http://www.securityfocus.com/bid/40780
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6765
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15798
Common Vulnerability Exposure (CVE) ID: CVE-2010-2165
BugTraq ID: 40782
http://www.securityfocus.com/bid/40782
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6781
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16350
Common Vulnerability Exposure (CVE) ID: CVE-2010-2166
BugTraq ID: 40783
http://www.securityfocus.com/bid/40783
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7431
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15541
Common Vulnerability Exposure (CVE) ID: CVE-2010-2167
Bugtraq: 20100616 VUPEN Security Research - Adobe Flash Player GIF/JPEG Data Parsing Heap Overflow Vulnerabilities (CVE-2010-2167) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/511847/100/0/threaded
BugTraq ID: 40802
http://www.securityfocus.com/bid/40802
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7491
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15437
Common Vulnerability Exposure (CVE) ID: CVE-2010-2169
BugTraq ID: 40807
http://www.securityfocus.com/bid/40807
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7276
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16225
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 51984 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.