ID CVE-2008-3515 Type cve Reporter cve@mitre.org Modified 2011-03-08T03:10:00
Description
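Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516. Because the flaw is in the generated files, upgrading the Presenter installation does not by itself fix content that is already published: viewer.swf and loadflash.js instances generated by Presenter 7 and deployed on web sites need to be updated, and content created with Presenter 6 needs to be regenerated and redeployed. The OpenVAS checks recorded below only read the Windows registry for an installed Presenter version, so they do not find vulnerable generated files hosted on a web server.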
{"openvas": [{"lastseen": "2017-07-02T21:10:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3516", "CVE-2008-3515"], "description": "The host is running Adobe Presenter, which is prone to input\n validation errors which can be exploited by malicious people \n to conduct cross-site scripting vulnerability.", "modified": "2017-02-20T00:00:00", "published": "2008-08-22T00:00:00", "id": "OPENVAS:900110", "href": "http://plugins.openvas.org/nasl.php?oid=900110", "type": "openvas", "title": "Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_presenter_xss_vuln_900110.nasl 5370 2017-02-20 15:24:26Z cfi $\n# Description: Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Execution of arbitrary HTML or Scripting code in the security\n context of the affected web site.\n Impact Level : Application\";\n\ntag_solution = \"Upgrade to Adobe Presenter 7.0.1,\n http://www.adobe.com/downloads/\";\n\ntag_affected = \"Adobe Presenter 6.x and 7.x\";\n\ntag_insight = \"Input validation errors in the 'viewer.swf' and 'loadflash.js' files,\n which could be exploited by attackers to execute arbitrary scripting\n code in the user's browser session.\";\n\n\ntag_summary = \"The host is running Adobe Presenter, which prone to to input\n validation errors which can be exploited by malicious people \n to conduct cross-site scripting vulnerability.\";\n\n\nif(description)\n{\n script_id(900110);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_bugtraq_id(30615);\n script_cve_id(\"CVE-2008-3515\",\"CVE-2008-3516\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Web application abuses\");\t\t\t\n script_name(\"Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability\");\n\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_xref(name : \"URL\" , value : 
\"http://secunia.com/advisories/31432/\");\n script_xref(name : \"URL\" , value : \"http://www.frsirt.com/english/advisories/2008/2322\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb08-17.html\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\n include(\"smb_nt.inc\");\n\n if(!(get_kb_item(\"SMB/WindowsVersion\"))){\n exit(0);\n }\n\n if(!registry_key_exists(key:\"SOFTWARE\\Adobe\\Presenter\")){\n exit(0);\n }\n\n adobeVer = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n\t\t\t\t \"\\Uninstall\\Adobe Presenter 6\",\n\t\t\t item:\"DisplayVersion\");\n if(!adobeVer)\n {\n\tadobeVer = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n \"\\Uninstall\\Adobe Presenter 7\",\n item:\"DisplayVersion\");\n\tif(!adobeVer){\n\t\texit(0);\n\t}\n }\n\n if(egrep(pattern:\"^(6\\..*|7\\.0)$\", string:adobeVer)){\n \tsecurity_message(0);\n }\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-08-07T15:18:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3516", "CVE-2008-3515"], "description": "The host is running Adobe Presenter, which is prone to input\n validation errors which can be exploited by malicious people to conduct cross-site scripting vulnerability.", "modified": "2019-08-06T00:00:00", "published": "2008-08-22T00:00:00", "id": "OPENVAS:1361412562310900110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900110", "type": "openvas", "title": "Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# Description: 
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900110\");\n script_version(\"2019-08-06T11:17:21+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-06 11:17:21 +0000 (Tue, 06 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_bugtraq_id(30615);\n script_cve_id(\"CVE-2008-3515\", \"CVE-2008-3516\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Web application abuses\");\n script_name(\"Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/31432/\");\n script_xref(name:\"URL\", 
value:\"http://www.frsirt.com/english/advisories/2008/2322\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb08-17.html\");\n\n script_tag(name:\"summary\", value:\"The host is running Adobe Presenter, which is prone to input\n validation errors which can be exploited by malicious people to conduct cross-site scripting vulnerability.\");\n\n script_tag(name:\"insight\", value:\"Input validation errors in the 'viewer.swf' and 'loadflash.js' files,\n which could be exploited by attackers to execute arbitrary scripting code in the user's browser session.\");\n\n script_tag(name:\"affected\", value:\"Adobe Presenter 6.x and 7.x.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Presenter 7.0.1.\");\n\n script_tag(name:\"impact\", value:\"Execution of arbitrary HTML or Scripting code in the security\n context of the affected web site.\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\n\nif(!(get_kb_item(\"SMB/WindowsVersion\"))){\n exit(0);\n}\n\nif(!registry_key_exists(key:\"SOFTWARE\\Adobe\\Presenter\")){\n exit(0);\n}\n\nadobeVer = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Adobe Presenter 6\",\n item:\"DisplayVersion\");\nif(!adobeVer)\n{\n adobeVer = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Adobe Presenter 7\",\n item:\"DisplayVersion\");\n if(!adobeVer){\n exit(0);\n }\n}\n\nif(egrep(pattern:\"^(6\\..*|7\\.0)$\", string:adobeVer)){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T21:32:15", "description": "BUGTRAQ ID: 30615\r\nCVE ID\uff1aCVE-2008-3515\r\n CVE-2008-3516\r\nCNCVE ID\uff1aCNCVE-20083515\r\n CNCVE-20083516\r\n\r\nAdobe 
Presenter\u662f\u4e00\u5957\u591a\u5a92\u4f53\u7684\u8fdc\u8ddd\u6559\u5b66\u5236\u4f5c\u5de5\u5177\u3002\r\nAdobe Presenter 7\u548cAdobe Presenter 6\u751f\u6210\u4ee3\u7801\u65f6\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002\r\n\u66f4\u65b0\u6240\u9700\u7684\u76f8\u5173\u6587\u4ef6\u5305\u62ecviewer.swf\u548cloadflash.js\u3002\u53e6\u5916\u66f4\u65b0Presenter\u5b89\u88c5\u65f6\uff0c\u7528\u6237\u5efa\u8bae\u66f4\u65b0\u4efb\u4f55\u5df2\u7ecf\u914d\u7f6e\u5728WEB\u7ad9\u70b9\u4e0a\u7684Presenter 7\u751f\u6210\u7684viewer.swf\u6216loadflash.js\u5b9e\u4f8b\u3002\u4efb\u4f55Present 6\u5efa\u7acb\u7684\u5185\u5bb9\u9700\u8981\u91cd\u65b0\u751f\u6210\u548c\u91cd\u914d\u7f6e\u3002\n\nAdobe Presenter 7\r\nAdobe Presenter 6\n \u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\n<a href=http://www.adobe.com/support/security/bulletins/apsb08-17.html target=_blank>http://www.adobe.com/support/security/bulletins/apsb08-17.html</a>", "published": "2008-08-11T00:00:00", "title": "Adobe Presenter\u591a\u4e2a\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3515", "CVE-2008-3516"], "modified": "2008-08-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3812", "id": "SSV:3812", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}]}