漏洞信息详情
Adobe Flash Player跨域策略文件跨站脚本漏洞
- CNNVD编号:CNNVD-200712-264
- 危害等级: 高危
- CVE编号: CVE-2007-6243
- 漏洞类型: 权限许可和访问控制
- 发布时间: 2007-12-19
- 威胁类型: 远程
- 更新时间: 2009-08-19
- 厂 商: adobe
- 漏洞来源: Toshiharu Sugiyama
漏洞简介
Flash Player是一款非常流行的FLASH播放器。
Flash Player没有充分地限制对跨域策略文件的解释和使用,远程攻击者可以在强制跨域策略文件时导致错误,这样就可以绕过跨域安全模块执行跨站脚本攻击。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_9_linux.tar.gz
https://www.redhat.com/support/errata/RHSA-2007-1126.HTML
参考网址
来源: US-CERT
名称: TA08-150A
链接:http://www.us-cert.gov/cas/techalerts/TA08-150A.HTML
来源: US-CERT
名称: TA08-100A
链接:http://www.us-cert.gov/cas/techalerts/TA08-100A.HTML
来源: US-CERT
名称: TA07-355A
链接:http://www.us-cert.gov/cas/techalerts/TA07-355A.HTML
来源: US-CERT
名称: VU#935737
链接:http://www.kb.cert.org/vuls/id/935737
来源: REDHAT
名称: RHSA-2008:0980
链接:http://www.redhat.com/support/errata/RHSA-2008-0980.HTML
来源: REDHAT
名称: RHSA-2008:0945
链接:http://www.redhat.com/support/errata/RHSA-2008-0945.HTML
来源: www.adobe.com
链接:http://www.adobe.com/support/security/bulletins/apsb07-20.HTML
来源: MISC
链接:http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.HTML
来源: support.nortel.com
链接:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
来源: support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
来源: support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
来源: SUNALERT
名称: 248586
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
来源: SECUNIA
名称: 33390
链接:http://secunia.com/advisories/33390
来源: SECUNIA
名称: 32759
链接:http://secunia.com/advisories/32759
来源: SECUNIA
名称: 32702
链接:http://secunia.com/advisories/32702
来源: SECUNIA
名称: 32448
链接:http://secunia.com/advisories/32448
来源: SUSE
名称: SUSE-SR:2008:025
链接:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.HTML
来源: XF
名称: adobe-unspecified-security-bypass(39129)
链接:http://xforce.iss.net/xforce/xfdb/39129
来源: BID
名称: 26966
链接:http://www.securityfocus.com/bid/26966
来源: BID
名称: 26929
链接:http://www.securityfocus.com/bid/26929
来源: REDHAT
名称: RHSA-2008:0221
链接:http://www.redhat.com/support/errata/RHSA-2008-0221.HTML
来源: GENTOO
名称: GLSA-200804-21
链接:http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
来源: GENTOO
名称: GLSA-200801-07
链接:http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
来源: VUPEN
名称: ADV-2008-1724
链接:http://www.frsirt.com/english/advisories/2008/1724/references
来源: VUPEN
名称: ADV-2008-1697
链接:http://www.frsirt.com/english/advisories/2008/1697
来源: VUPEN
名称: ADV-2007-4258
链接:http://www.frsirt.com/english/advisories/2007/4258
来源: www.adobe.com
链接:http://www.adobe.com/support/security/bulletins/apsb08-11.HTML
来源: SUNALERT
名称: 238305
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
来源: SECTRACK
名称: 1019116
链接:http://securitytracker.com/id?1019116
来源: SECUNIA
名称: 30507
链接:http://secunia.com/advisories/30507
来源: SECUNIA
名称: 30430
链接:http://secunia.com/advisories/30430
来源: SECUNIA
名称: 29865
链接:http://secunia.com/advisories/29865
来源: SECUNIA
名称: 29763
链接:http://secunia.com/advisories/29763
来源: SECUNIA
名称: 28570
链接:http://secunia.com/advisories/28570
来源: SECUNIA
名称: 28213
链接:http://secunia.com/advisories/28213
来源: SECUNIA
名称: 28161
链接:http://secunia.com/advisories/28161
来源: SUSE
名称: SUSE-SA:2008:022
链接:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.HTML
来源: SUSE
名称: SUSE-SA:2007:069
链接:http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.HTML
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2008-05-28
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2008//May/msg00001.HTML
来源: JVN
名称: JVN#45675516
链接:http://jvn.jp/jp/JVN%2345675516/index.HTML
来源:NSFOCUS 名称:11299※11724 链接:http://www.nsfocus.net/vulndb/11299※11724
受影响实体
- Adobe Flash_player:9.0.48.0
补丁
暂无
评论