JVN Info.
- Id
- 3959
- Name
- JVNDB-2016-004732
- Title
- Adobe Flash Player におけるアクセス制限を回避される脆弱性
- Summary
- Adobe Flash Player には、アクセス制限を回避され、重要な情報を取得される脆弱性が存在します。
- Nvdinfo
- CVE-2016-4271
- Cvssv2
- 5
- Jvnurl
- http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004732.html
- Published Date
- 2016-09-13
- Registered Date
- 2016-09-16
- Last Updated Date
- 2016-09-16
Related Nessuslogs
| Id | Log ID | Jvninfo Id | Plugin ID | CVE | CVSS | Risk | Host | Protocol | Port | Name | Synopsis | Description | Solution | See Also | Plugin Output | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 51318 | H28_MUN_DWEB_Q4_172_16_240_seg.csv | 3959 | 89112 | CVE-2008-4101 | 9.3 | High | 172.16.240.115 | tcp | 443 | VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check) | The remote host is missing a security-related patch. | The remote VMware ESX host is missing a security-related patch. It is, therefore, is affected by multiple vulnerabilities : - A format string flaw exists in the Vim help tag processor in the helptags_one() function that allows a remote attacker to execute arbitrary code by tricking a user into executing the "helptags" command on malicious help files. (CVE-2007-2953) - Multiple flaws exist in the Vim system functions due to a failure to sanitize user-supplied input. An attacker can exploit these to execute arbitrary code by tricking a user into opening a crafted file. (CVE-2008-2712) - A heap-based buffer overflow condition exists in the Vim mch_expand_wildcards() function. An attacker can exploit this, via shell metacharacters in a crafted file name, to execute arbitrary code. (CVE-2008-3432) - Multiple flaws exist in Vim keyword and tag handling due to improper handling of escape characters. An attacker can exploit this, via a crafted document, to execute arbitrary shell commands or Ex commands. (CVE-2008-4101) - A security bypass vulnerability exists in OpenSSL due to a failure to properly check the return value from the EVP_VerifyFinal() function. A remote attacker can exploit this, via a malformed SSL/TLS signature for DSA and ECDSA keys, to bypass the validation of the certificate chain. (CVE-2008-5077) - A security bypass vulnerability exists in BIND due to a failure to properly check the return value from the OpenSSL DSA_verify() function. A remote attacker can exploit this, via a malformed SSL/TLS signature, to bypass the validation of the certificate chain on those systems using DNSSEC. (CVE-2009-0025) | Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0. | https://www.vmware.com/security/advisories/VMSA-2009-0004 | ESX version : ESX 4.0 Installed build : 208167 Fixed build : 219382 | |
| 56899 | H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv | 3959 | 89112 | CVE-2008-4101 | 9.3 | High | 172.16.240.115 | tcp | 443 | VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check) | The remote host is missing a security-related patch. | The remote VMware ESX host is missing a security-related patch. It is, therefore, is affected by multiple vulnerabilities : - A format string flaw exists in the Vim help tag processor in the helptags_one() function that allows a remote attacker to execute arbitrary code by tricking a user into executing the "helptags" command on malicious help files. (CVE-2007-2953) - Multiple flaws exist in the Vim system functions due to a failure to sanitize user-supplied input. An attacker can exploit these to execute arbitrary code by tricking a user into opening a crafted file. (CVE-2008-2712) - A heap-based buffer overflow condition exists in the Vim mch_expand_wildcards() function. An attacker can exploit this, via shell metacharacters in a crafted file name, to execute arbitrary code. (CVE-2008-3432) - Multiple flaws exist in Vim keyword and tag handling due to improper handling of escape characters. An attacker can exploit this, via a crafted document, to execute arbitrary shell commands or Ex commands. (CVE-2008-4101) - A security bypass vulnerability exists in OpenSSL due to a failure to properly check the return value from the EVP_VerifyFinal() function. A remote attacker can exploit this, via a malformed SSL/TLS signature for DSA and ECDSA keys, to bypass the validation of the certificate chain. (CVE-2008-5077) - A security bypass vulnerability exists in BIND due to a failure to properly check the return value from the OpenSSL DSA_verify() function. A remote attacker can exploit this, via a malformed SSL/TLS signature, to bypass the validation of the certificate chain on those systems using DNSSEC. (CVE-2009-0025) | Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0. | https://www.vmware.com/security/advisories/VMSA-2009-0004 | ESX version : ESX 4.0 Installed build : 208167 Fixed build : 219382 |
