9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.969 High
EPSS
Percentile
99.7%
Added: 01/07/2008
CVE: CVE-2008-5499
BID: 32896
OSVDB: 50796
Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.
An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell metacharacters in the arguments to the ActionScript launch method.
Upgrade to Adobe Flash Player 10.0.15.3 or higher.
<http://www.adobe.com/support/security/bulletins/apsb08-24.html>
Exploit works on Adobe Systems Flash Player 10.0.12.36 on Red Hat Enterprise Linux 5 and requires a user to load the exploit page in a browser.
The target host must have the Adobe AIR package installed.
The target host must have PERL installed.
Linux