Lucene search

K

[email protected]CVE-2008-4546

HistoryOct 14, 2008 - 3:28 p.m.

CVE-2008-4546

2008-10-1415:28:00

CWE-399

[email protected]

web.nvd.nist.gov

41

cve-2008-4546

adobe

flash player

air

denial of service

vulnerability

nvd

8.9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.1%

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

CPENameOperatorVersion
adobe:flash_playeradobe flash playereq9.0.112.0
adobe:flash_playeradobe flash playereq9.0.45.0
adobe:flash_playeradobe flash playereq9.0.115.0
adobe:flash_playeradobe flash playereq10.0.12.10

References

itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

secunia.com/advisories/32759

secunia.com/advisories/40545

secunia.com/advisories/43026

security.gentoo.org/glsa/glsa-201101-09.xml

securityreason.com/securityalert/4401

securitytracker.com/id?1024085

securitytracker.com/id?1024086

support.apple.com/kb/HT4435

www.adobe.com/support/security/bulletins/apsb10-14.html

www.mochimedia.com/~matthew/flashcrash/

www.redhat.com/support/errata/RHSA-2010-0464.html

www.redhat.com/support/errata/RHSA-2010-0470.html

www.securityfocus.com/archive/1/496929/100/0/threaded

www.securityfocus.com/bid/31537

www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt

www.us-cert.gov/cas/techalerts/TA10-162A.html

www.vupen.com/english/advisories/2010/1421

www.vupen.com/english/advisories/2010/1432

www.vupen.com/english/advisories/2010/1434

www.vupen.com/english/advisories/2010/1453

www.vupen.com/english/advisories/2010/1482

www.vupen.com/english/advisories/2010/1522

www.vupen.com/english/advisories/2010/1793

www.vupen.com/english/advisories/2011/0192

exchange.xforce.ibmcloud.com/vulnerabilities/45630

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187

8.9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.1%

Related for CVE-2008-4546

prion1 ubuntucve1 nessus17 redhat2 openvas14 securityvulns4 freebsd1 suse1 gentoo1