SAINT Corporation
SAINT:82B8544AAE7DA47AB2B24B12A3DAC0AD
Jan 07, 2008 - 12:00 a.m.

Adobe Flash Player ActionScript launch command execution

my.saintcorporation.com

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.969 High (Percentile: 99.7%)

Added: 01/07/2008
CVE: CVE-2008-5499
BID: 32896
OSVDB: 50796

Background

Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.

Problem

An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell metacharacters in the arguments to the ActionScript launch method.

Resolution

Upgrade to Adobe Flash Player 10.0.15.3 or higher.

References

<http://www.adobe.com/support/security/bulletins/apsb08-24.html>

Limitations

Exploit works on Adobe Systems Flash Player 10.0.12.36 on Red Hat Enterprise Linux 5 and requires a user to load the exploit page in a browser.

The target host must have the Adobe AIR package installed.

The target host must have Perl installed.

Platforms

Linux
