Added: 01/07/2008
CVE: CVE-2008-5499
BID: 32896
OSVDB: 50796
Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.
An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell metacharacters in the arguments to the ActionScript launch method.
Upgrade to Adobe Flash Player 10.0.15.3 or higher.
<http://www.adobe.com/support/security/bulletins/apsb08-24.html>
Exploit works on Adobe Systems Flash Player 10.0.12.36 on Red Hat Enterprise Linux 5 and requires a user to load the exploit page in a browser.
The target host must have the Adobe AIR package installed.
The target host must have PERL installed.
Linux