Cross-Site Request Forgery (CSRF) attack vulnerability in Adobe Flash Player and Adobe Air (Mac OS X)| ID: oval:org.secpod.oval:def:9369 | Date: (C)2013-02-26 (M)2023-11-27 |
| Class: VULNERABILITY | Family: macos |
The host is installed with Adobe Flash Player 9.x before 9.0.124.0 or 8.0.39.0 or earlier or Adobe Air before 1.0.1 and is prone to a dns rebinding attack vulnerability. A flaw is present in the applications, which fail to handle interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services. Successful exploitation could allow remote attackers to conduct DNS rebinding attacks.
| Platform: |
| Apple Mac OS 14 |
| Apple Mac OS 13 |
| Apple Mac OS 12 |
| Apple Mac OS 11 |
| Apple Mac OS X 10.14 |
| Apple Mac OS X 10.15 |
| Apple Mac OS X 10.13 |
| Apple Mac OS X 10.8 |
| Apple Mac OS X 10.9 |
| Apple Mac OS X 10.10 |
| Apple Mac OS X 10.11 |
| Apple Mac OS X 10.12 |
| Apple Mac OS X Server 10.8 |
| Apple Mac OS X Server 10.9 |
| Apple Mac OS X Server 10.10 |
| Apple Mac OS X Server 10.11 |
| Apple Mac OS X Server 10.12 |
| Product: |
| Adobe AIR |
| Adobe Flash Player |
