VYPR

Flash

by Adobe Inc.

CVEs (4)

  • CVE-2007-6019Apr 9, 2008
    risk 0.08cvss epss 0.60

    Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

  • CVE-2008-1201Mar 24, 2008
    risk 0.02cvss epss 0.20

    Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.

  • CVE-2008-1654Apr 2, 2008
    risk 0.00cvss epss 0.05

    Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated…

  • CVE-2007-5275Oct 8, 2007
    risk 0.00cvss epss 0.06

    The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a…