Security

« Sun Alert 249366... | Main | Sun Alert 239188... »

12 Jan 2009 Sun Alert 248586 Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris
posted by security in Alerts

Product: Solaris 10 Operating System OpenSolaris

Multiple security vulnerabilities in the Flash Player plugin distributed with Solaris may allow a remote unprivileged user the ability to execute arbitrary code with the privileges of a local user on the system while loading a malicious SWF file with the affected plugin. In addition, the Flash Player plugin may allow a remote user to bypass the Security Sandbox Model, modify the clipboard with a URL, allow cross-site scripting attacks, inject arbitrary web script or HTML, obtain sensitive data, conduct DNS rebinding and hijack the camera or microphone while loading a malicious SWF file with the affected plugin.

Additional information regarding these issues are available at:

ABSP08-22 at: http://www.adobe.com/support/security/bulletins/apsb08-22.html
APSB08-20 at: http://www.adobe.com/support/security/bulletins/apsb08-20.html
APSB08-18 at: http://www.adobe.com/support/security/bulletins/apsb08-18.html
APSA08-08 at: http://www.adobe.com/support/security/advisories/apsa08-08.html
CVE-2008-4818 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818
CVE-2008-4819 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4819
CVE-2008-4820 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4820
CVE-2008-4821 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4821
CVE-2008-4822 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822
CVE-2008-4823 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4823
CVE-2008-4824 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4824
CVE-2007-6243 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
CVE-2008-3873 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3873
CVE-2007-4324 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324
CVE-2008-4401 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4401
CVE-2008-4503 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4503
CVE-2008-5361 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5361
CVE-2008-5362 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5362
CVE-2008-5363 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5363

State: Resolved

First released: 06-Jan-2009

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248586-1

Permalink |

Comments: