[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-4503Date: (C)2008-10-09   (M)2023-12-22


The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1020996
SUNALERT-248586
BID-31625
SECUNIA-32163
SECUNIA-32448
SECUNIA-32702
SECUNIA-32759
SECUNIA-33390
SECUNIA-34226
ADV-2008-2764
GLSA-200903-23
RHSA-2008:0945
RHSA-2008:0980
SUSE-SR:2008:025
adobe-flash-click-hijacking(45721)
http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/
http://ha.ckers.org/blog/20081007/clickjacking-details/
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://www.adobe.com/support/security/advisories/apsa08-08.html
http://www.adobe.com/support/security/bulletins/apsb08-18.html

CPE    18
cpe:/a:adobe:flash_player
cpe:/a:adobe:flash_player:7.0.25
cpe:/a:adobe:flash_player:7.0.69.0
cpe:/a:adobe:flash_player:8.0.24.0
...
OVAL    6
oval:org.secpod.oval:def:18054
oval:org.secpod.oval:def:18055
oval:org.secpod.oval:def:18007
oval:org.secpod.oval:def:18006
...

© SecPod Technologies