Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2008-4503
Last Modified: 07 Mar 2011 10:12:33
Published: 09 Oct 2008 02:00:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-4503

Summary

The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."

Vulnerable Systems

Application

  • Adobe Flash Player 7

  • Adobe Flash Player 7.0

  • Adobe Flash Player 7.0 R67

  • Adobe Flash Player 7.0.1

  • Adobe Flash Player 7.0.25

  • Adobe Flash Player 7.0.63

  • Adobe Flash Player 7.0.69.0

  • Adobe Flash Player 7.0.70.0

  • Adobe Flash Player 7.1

  • Adobe Flash Player 7.1.1

  • Adobe Flash Player 7.2

  • Adobe Flash Player 8

  • Adobe Flash Player 8.0

  • Adobe Flash Player 8.0.24.0

  • Adobe Flash Player 8.0.34.0

  • Adobe Flash Player 8.0.35.0

  • Adobe Flash Player 8.0.39.0

  • Adobe Flash Player 9

  • Adobe Flash Player 9.0.114.0

  • Adobe Flash Player 9.0.115.0

  • Adobe Flash Player 9.0.124.0


References

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-18.html

XF - adobe-flash-click-hijacking(45721)

VUPEN - ADV-2008-2764

SECTRACK - 1020996

BID - 31625

REDHAT - RHSA-2008:0980

REDHAT - RHSA-2008:0945

CONFIRM - http://www.adobe.com/support/security/advisories/apsa08-08.html

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm

SUNALERT - 248586

GENTOO - GLSA-200903-23

SECUNIA - 34226

SECUNIA - 33390

SECUNIA - 32759

SECUNIA - 32702

SECUNIA - 32448

SECUNIA - 32163

SUSE - SUSE-SR:2008:025

MISC - http://ha.ckers.org/blog/20081007/clickjacking-details/

MISC - http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/

Related Patches

Adobe Flash Player 10.0.12.36 for Mac OS X (PPC) (Rev 2)


Last Updated: 27 May 2016 10:48:31