Oval Definition:	oval:org.mitre.oval:tst:36397
Comment: flash-plugin is earlier than 0:9.0.124.0-1.el4 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14752 State: oval:org.mitre.oval:ste:9928 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:9828 V Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. 2010-09-06 oval:org.mitre.oval:def:11069 V Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. 2010-09-06
BACK