FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4503

This CVE name corresponds to:

Entered Topic
2008-10-17 linux-flashplugin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-4503 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-4503
Phase Assigned(20081009)

Description

The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."

References

Source Reference
MISC http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/
MISC http://ha.ckers.org/blog/20081007/clickjacking-details/
CONFIRM http://www.adobe.com/support/security/advisories/apsa08-08.html
CONFIRM http://www.adobe.com/support/security/bulletins/apsb08-18.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
GENTOO GLSA-200903-23
REDHAT RHSA-2008:0945
REDHAT RHSA-2008:0980
SUNALERT 248586
SUSE SUSE-SR:2008:025
BID 31625
SECUNIA 34226
VUPEN ADV-2008-2764
SECTRACK 1020996
SECUNIA 32163
SECUNIA 32448
SECUNIA 32759
SECUNIA 32702
SECUNIA 33390
XF adobe-flash-click-hijacking(45721)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.