Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
References
Configurations
History
No history.
Information
Published : 2008-04-02 18:44
Updated : 2024-02-28 11:21
NVD link : CVE-2008-1654
Mitre link : CVE-2008-1654
CVE.ORG link : CVE-2008-1654
JSON object : View
Products Affected
adobe
- flash_player
CWE
CWE-352
Cross-Site Request Forgery (CSRF)