CVE-2008-4473
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
96.7%
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| adobe | flash_player | cs3 | cpe:2.3:a:adobe:flash_player:cs3:*:professional:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| adobe | flash_player | mx_2004 | cpe:2.3:a:adobe:flash_player:mx_2004:*:*:*:*:*:*:* |
References
secunia.com/advisories/32246
security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf
securityreason.com/securityalert/4429
securitytracker.com/id?1021060
www.adobe.com/support/security/advisories/apsa08-09.html
www.securityfocus.com/archive/1/497397/100/0/threaded
www.securityfocus.com/bid/31769
www.vupen.com/english/advisories/2008/2837
exchange.xforce.ibmcloud.com/vulnerabilities/45914
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
96.7%