Vulnerability CVE-2008-4473
Published: 2008-10-17   Modified: 2012-02-12

Description:
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.

See advisories in our WLB2 database:
Topic
Author
Date
High
Multiple Flash Authoring Heap Overflows - Malformed SWF Files
Paul Craig
16.10.2008

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Adobe -> Flash player 

 References:
http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf
http://securityreason.com/securityalert/4429
http://securitytracker.com/id?1021060
http://www.adobe.com/support/security/advisories/apsa08-09.html
http://www.securityfocus.com/archive/1/497397/100/0/threaded
http://www.securityfocus.com/bid/31769
http://www.vupen.com/english/advisories/2008/2837
https://exchange.xforce.ibmcloud.com/vulnerabilities/45914
Copyright 2024, cxsecurity.com

 

Back to Top