Adobe Flash Player ActiveX Control Discloses Information to Remote Users
|
|
SecurityTracker Alert ID: 1021148
|
|
SecurityTracker URL: http://securitytracker.com/id?1021148
|
|
CVE Reference: CVE-2008-4820
(Links to External Site)
|
Date: Nov 6 2008
|
Impact: Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Adobe Advisory
|
Version(s): 9.0.124.0 and prior versions
|
Description: A vulnerability was reported in Adobe Flash Player. A remote user can obtain information from the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will invoke the Flash Player ActiveX control to obtain information from the target user's system.
Manuel Caballero reported this vulnerability.
|
Impact: A remote user can create HTML that, when loaded by the target user, will obtain information from the target user's system.
|
Solution: The vendor has issued a fix (9.0.151.0), available at:
http://www.adobe.com/go/kb406791
The vendor recommends updating to version
10, if possible.
The vendor's advisory is available at:
http://www.adobe.com/support/security/bulletins/apsb08-20.html
|
Vendor URL: www.adobe.com/support/security/bulletins/apsb08-20.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 5 Nov 2008 21:52:56 -0500
Subject: Adobe Flash Player
|
Flash Player update available to address security vulnerabilities
http://www.adobe.com/support/security/bulletins/apsb08-20.html
CVE-2008-4820
|
|
