Adobe: >> Flash Player >> 10.0.22.87 Security Vulnerabilities
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
CVSS Score
4.3
EPSS Score
0.308
Published
2008-04-02
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
CVSS Score
7.2
EPSS Score
0.002
Published
2005-12-31
Page 89