diff options
| author | Sergey Matveychuk <sem@FreeBSD.org> | 2005-11-13 21:39:56 +0000 |
|---|---|---|
| committer | Sergey Matveychuk <sem@FreeBSD.org> | 2005-11-13 21:39:56 +0000 |
| commit | 49a81eebfac3840d092e1827501047e1c39d1878 (patch) | |
| tree | b0ddd4247a02f9924cbdeb829b66af2563633fb0 /security | |
| parent | ae5e8af77b50a99e66f971d1b046762288dd1e93 (diff) | |
| download | ports-49a81eebfac3840d092e1827501047e1c39d1878.tar.gz ports-49a81eebfac3840d092e1827501047e1c39d1878.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 515ab15b9f74..06f0dfd52aa0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,7 +51,7 @@ Note: Please add new entries to the beginning of this file. to manipulate certain information.</p> <p>The vulnerability is caused due to an error in the "register_globals" emulation layer where certain - arrays used by the system can be overwritten. This can be + arrays used by the system can be overwritten. This can be exploited to execute arbitrary HTML and script code in a user's browser session and include arbitrary files from local resources.</p> @@ -69,7 +69,7 @@ Note: Please add new entries to the beginning of this file. </vuln> <vuln vid="aed343b4-5480-11da-b579-001125afbed7"> - <topic>Micromedia flash player -- swf file handling arbitrary code</topic> + <topic>Macromedia flash player -- swf file handling arbitrary code</topic> <affects> <package> <name>linux-flashplugin6</name> @@ -89,14 +89,14 @@ Note: Please add new entries to the beginning of this file. people to compromise a user's system.</p> <p>The vulnerability is caused due to missing validation of the frame type identifier that is read from - a SWF file. This value is used as an index in Flash.ocx - to reference an array of function pointers. This can be + a SWF file. This value is used as an index in Flash.ocx + to reference an array of function pointers. This can be exploited via a specially crafted SWF file to cause the index to reference memory that is under the attacker's control, which causes Flash Player to use attacker supplied values as function pointers.</p> <p>Successful exploitation allows execution of arbitrary - code..</p> + code.</p> </blockquote> </body> </description> @@ -127,7 +127,7 @@ Note: Please add new entries to the beginning of this file. which can be exploited by malicious people to conduct cross-site scripting attacks.</p> <p>Some input isn't properly sanitised before being - returned to the user. This can be exploited to execute + returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.</p> </blockquote> |