#VU1427 Clickjacking attack in Adobe AIR and Adobe Flash Player - CVE-2009-1867
Published: December 20, 2016 / Updated: March 16, 2017
Vulnerability identifier: #VU1427
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2009-1867
CWE-ID: CWE-59
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Adobe AIR
Adobe Flash Player
Adobe AIR
Adobe Flash Player
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote attacker to hijack the clicking action of the victim.
The vulnerability exists in IBM Security Identity Manager Virtual Appliance. A remote attacker can hijack the target user's mouse clicks and take actions on the site acting as the target user by tricking the victim into visiting a malicious web site.
Successful exploitation of this vulnerability may result in disclosure of user information.
The vulnerability exists in IBM Security Identity Manager Virtual Appliance. A remote attacker can hijack the target user's mouse clicks and take actions on the site acting as the target user by tricking the victim into visiting a malicious web site.
Successful exploitation of this vulnerability may result in disclosure of user information.
Remediation
Update Adobe Flash Player 9.x and earlier to version 9.0.246.0:
http://www.adobe.com/support/flashplayer/downloads.html#fp9
Update Adobe Flash Player 10.x to version 10.0.32.18:
http://www.adobe.com/go/getflashplayer
Update Adobe Air to version 1.5.2.
http://get.adobe.com/air/
http://www.adobe.com/support/flashplayer/downloads.html#fp9
Update Adobe Flash Player 10.x to version 10.0.32.18:
http://www.adobe.com/go/getflashplayer
Update Adobe Air to version 1.5.2.
http://get.adobe.com/air/