| Revision Date: | 2015-08-03 | Version: | 39 |
| Title: | Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. |
| Description: | Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2008-1654
|
| Platform(s): | Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | Adobe AIR
Adobe Flash Player
|
| Definition Synopsis |
| Flash.ocx section ActiveX Control is installed
AND Flash.ocx vulnerable version
Determine if the version of Flash.ocx is less than or equal 9.0.124.0
OR Vulnerable version of Adobe Flash Player
Adobe Flash Player 9 is installed
AND Adobe Flash Player version is less than or equal 9.0.124.0
OR Adobe Vulnerable version of Adobe AIR
Adobe AIR is installed
AND Check if the version of Adobe Air is less than 1.0.1
|