CVE-2008-1654

Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-04-02 18:44

Updated : 2024-02-28 11:21


NVD link : CVE-2008-1654

Mitre link : CVE-2008-1654

CVE.ORG link : CVE-2008-1654


JSON object : View

Products Affected

adobe

  • flash_player
CWE
CWE-352

Cross-Site Request Forgery (CSRF)