cvelistv5 - cve-2008-5499

CVE-2008-5499 (GCVE-0-2008-5499)

Vulnerability from cvelistv5 – Published: 2008-12-18 00:00 – Updated: 2024-08-07 10:56

Summary

Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id?1021458	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/33221	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/3449	vdb-entryx_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2008-10…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/34226	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/33294	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/32896	vdb-entryx_refsource_BID
	http://osvdb.org/50796	vdb-entryx_refsource_OSVDB
	http://security.gentoo.org/glsa/glsa-200903-23.xml	vendor-advisoryx_refsource_GENTOO
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/33267	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1021458",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021458"
          },
          {
            "name": "33221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33221"
          },
          {
            "name": "ADV-2008-3449",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3449"
          },
          {
            "name": "RHSA-2008:1047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-1047.html"
          },
          {
            "name": "34226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34226"
          },
          {
            "name": "33294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33294"
          },
          {
            "name": "32896",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32896"
          },
          {
            "name": "50796",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/50796"
          },
          {
            "name": "GLSA-200903-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
          },
          {
            "name": "flashplayer-swf-code-execution-var1(47445)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47445"
          },
          {
            "name": "SUSE-SA:2008:059",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html"
          },
          {
            "name": "33267",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33267"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1021458",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021458"
        },
        {
          "name": "33221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33221"
        },
        {
          "name": "ADV-2008-3449",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3449"
        },
        {
          "name": "RHSA-2008:1047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-1047.html"
        },
        {
          "name": "34226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34226"
        },
        {
          "name": "33294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33294"
        },
        {
          "name": "32896",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32896"
        },
        {
          "name": "50796",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/50796"
        },
        {
          "name": "GLSA-200903-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
        },
        {
          "name": "flashplayer-swf-code-execution-var1(47445)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47445"
        },
        {
          "name": "SUSE-SA:2008:059",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html"
        },
        {
          "name": "33267",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33267"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5499",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1021458",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021458"
            },
            {
              "name": "33221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33221"
            },
            {
              "name": "ADV-2008-3449",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3449"
            },
            {
              "name": "RHSA-2008:1047",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-1047.html"
            },
            {
              "name": "34226",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34226"
            },
            {
              "name": "33294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33294"
            },
            {
              "name": "32896",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32896"
            },
            {
              "name": "50796",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/50796"
            },
            {
              "name": "GLSA-200903-23",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-24.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
            },
            {
              "name": "flashplayer-swf-code-execution-var1(47445)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47445"
            },
            {
              "name": "SUSE-SA:2008:059",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html"
            },
            {
              "name": "33267",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33267"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5499",
    "datePublished": "2008-12-18T00:00:00",
    "dateReserved": "2008-12-12T00:00:00",
    "dateUpdated": "2024-08-07T10:56:46.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.0.151.0\", \"matchCriteriaId\": \"72468E9A-37B6-444C-BF20-FEA5548A4364\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player_for_linux:9.0.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC9C3926-1FDB-4D8C-AC72-C7E1A222DB35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player_for_linux:9.0.48.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F08319F-1C6D-4BC5-BAF9-251509974532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15C534DD-167D-45AA-B6DD-0776E78E649A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player_for_linux:9.0.124.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"910B58CC-8121-4B71-9ED9-3C9C45FA085B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE94BCCA-F6B2-48C9-8FBD-36CC3194B00E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad sin especificar en Adobe Flash Player para Linux v10.0.12.36, y v9.0.151.0 y versiones anteriores, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un fichero SWF manipulado.\"}]",
      "id": "CVE-2008-5499",
      "lastModified": "2024-11-21T00:54:11.820",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-12-18T00:30:00.187",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/50796\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/33221\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/33267\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/33294\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34226\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200903-23.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb08-24.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-1047.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/32896\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1021458\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3449\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/47445\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/50796\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33294\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34226\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200903-23.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb08-24.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-1047.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/32896\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1021458\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3449\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/47445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-5499\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-12-18T00:30:00.187\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad sin especificar en Adobe Flash Player para Linux v10.0.12.36, y v9.0.151.0 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero SWF manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.0.151.0\",\"matchCriteriaId\":\"72468E9A-37B6-444C-BF20-FEA5548A4364\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_for_linux:9.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC9C3926-1FDB-4D8C-AC72-C7E1A222DB35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_for_linux:9.0.48.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F08319F-1C6D-4BC5-BAF9-251509974532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15C534DD-167D-45AA-B6DD-0776E78E649A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_for_linux:9.0.124.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"910B58CC-8121-4B71-9ED9-3C9C45FA085B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE94BCCA-F6B2-48C9-8FBD-36CC3194B00E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/50796\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33221\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33267\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33294\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34226\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200903-23.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb08-24.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-1047.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32896\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021458\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/3449\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/47445\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/50796\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34226\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200903-23.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb08-24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-1047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021458\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/3449\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/47445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-5499

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.

Aliases

CVE-2008-5499

Aliases

CVE-2008-5499

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-5499",
    "description": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.",
    "id": "GSD-2008-5499",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-5499.html",
      "https://access.redhat.com/errata/RHSA-2008:1047",
      "https://packetstormsecurity.com/files/cve/CVE-2008-5499"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-5499"
      ],
      "details": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.",
      "id": "GSD-2008-5499",
      "modified": "2023-12-13T01:23:04.613571Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-5499",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1021458",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021458"
          },
          {
            "name": "33221",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33221"
          },
          {
            "name": "ADV-2008-3449",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/3449"
          },
          {
            "name": "RHSA-2008:1047",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-1047.html"
          },
          {
            "name": "34226",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34226"
          },
          {
            "name": "33294",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33294"
          },
          {
            "name": "32896",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/32896"
          },
          {
            "name": "50796",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/50796"
          },
          {
            "name": "GLSA-200903-23",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb08-24.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
          },
          {
            "name": "flashplayer-swf-code-execution-var1(47445)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47445"
          },
          {
            "name": "SUSE-SA:2008:059",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html"
          },
          {
            "name": "33267",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33267"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_for_linux:9.0.124.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0.151.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_for_linux:9.0.48.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_for_linux:9.0.31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5499"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-24.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
            },
            {
              "name": "RHSA-2008:1047",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-1047.html"
            },
            {
              "name": "33267",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33267"
            },
            {
              "name": "33294",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33294"
            },
            {
              "name": "SUSE-SA:2008:059",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html"
            },
            {
              "name": "50796",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/50796"
            },
            {
              "name": "32896",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/32896"
            },
            {
              "name": "33221",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33221"
            },
            {
              "name": "1021458",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021458"
            },
            {
              "name": "GLSA-200903-23",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
            },
            {
              "name": "34226",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34226"
            },
            {
              "name": "ADV-2008-3449",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/3449"
            },
            {
              "name": "flashplayer-swf-code-execution-var1(47445)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47445"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:33Z",
      "publishedDate": "2008-12-18T00:30Z"
    }
  }
}

CERTA-2008-AVI-605

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité affectant Adobe Flash Player pour Linux permet à une personne distante d'exécuter du code arbitraire.

Description

Une vulnérabilité non documentée a été découverte dans Adobe Flash Player pour Linux et permet à une personne malintentionnée distante d'exécuter du code arbitraire via un fichier SWF spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player pour Linux version 9.0.151.0 et les versions antérieures.
	Adobe	N/A	Adobe Flash Player pour Linux version 10.0.12.36 et les versions antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB08-5499 du 17 décembre 2008	None	vendor-advisory
Bulletin de sécurité Adobe APSB08-24 du 17 décembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Linux version 9.0.151.0 et les versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Linux version 10.0.12.36 et les versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 non document\u00e9e a \u00e9t\u00e9 d\u00e9couverte dans Adobe Flash\nPlayer pour Linux et permet \u00e0 une personne malintentionn\u00e9e distante\nd\u0027ex\u00e9cuter du code arbitraire via un fichier SWF sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-5499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5499"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB08-24 du 17 d\u00e9cembre 2008 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
    }
  ],
  "reference": "CERTA-2008-AVI-605",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-12-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affectant Adobe Flash Player pour \u003cspan\nclass=\"textit\"\u003eLinux\u003c/span\u003e permet \u00e0 une personne distante d\u0027ex\u00e9cuter du\ncode arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player pour Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB08-5499 du 17 d\u00e9cembre 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-605

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité affectant Adobe Flash Player pour Linux permet à une personne distante d'exécuter du code arbitraire.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player pour Linux version 9.0.151.0 et les versions antérieures.
	Adobe	N/A	Adobe Flash Player pour Linux version 10.0.12.36 et les versions antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB08-5499 du 17 décembre 2008	None	vendor-advisory
Bulletin de sécurité Adobe APSB08-24 du 17 décembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Linux version 9.0.151.0 et les versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Linux version 10.0.12.36 et les versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 non document\u00e9e a \u00e9t\u00e9 d\u00e9couverte dans Adobe Flash\nPlayer pour Linux et permet \u00e0 une personne malintentionn\u00e9e distante\nd\u0027ex\u00e9cuter du code arbitraire via un fichier SWF sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-5499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5499"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB08-24 du 17 d\u00e9cembre 2008 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
    }
  ],
  "reference": "CERTA-2008-AVI-605",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-12-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affectant Adobe Flash Player pour \u003cspan\nclass=\"textit\"\u003eLinux\u003c/span\u003e permet \u00e0 une personne distante d\u0027ex\u00e9cuter du\ncode arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player pour Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB08-5499 du 17 d\u00e9cembre 2008",
      "url": null
    }
  ]
}

RHSA-2008_1047

Vulnerability from csaf_redhat - Published: 2008-12-19 17:52 - Updated: 2024-11-14 10:06

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. A security flaw was found in the way Flash Player displayed certain SWF (Shockwave Flash) content. This may have made it possible to execute arbitrary code on a victim's machine, if the victim opened a malicious Adobe Flash file. (CVE-2008-5499) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.15.3 for users of Red Hat Enterprise Linux 5 Supplementary, and 9.0.152.0 for users of Red Hat Enterprise 3 and 4 Extras.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes a security issue is\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise\nLinux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nA security flaw was found in the way Flash Player displayed certain SWF\n(Shockwave Flash) content. This may have made it possible to execute\narbitrary code on a victim\u0027s machine, if the victim opened a malicious\nAdobe Flash file. (CVE-2008-5499)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.15.3 for users of Red Hat Enterprise\nLinux 5 Supplementary, and 9.0.152.0 for users of Red Hat Enterprise 3 and\n4 Extras.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:1047",
        "url": "https://access.redhat.com/errata/RHSA-2008:1047"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb08-24.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "476172",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476172"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1047.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:06:59+00:00",
      "generator": {
        "date": "2024-11-14T10:06:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2008:1047",
      "initial_release_date": "2008-12-19T17:52:00+00:00",
      "revision_history": [
        {
          "date": "2008-12-19T17:52:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-12-19T12:52:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:06:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.152.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.152.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.152.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.152.0-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.152.0-1.el3.with.oss?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.15.3-2.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.15.3-2.el5.i386",
                  "product_id": "flash-plugin-0:10.0.15.3-2.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.15.3-2.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.152.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.152.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.15.3-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.15.3-2.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.15.3-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.15.3-2.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-5499",
      "discovery_date": "2008-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "476172"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Linux-specific code execution flaw via crafted SWF file",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5499"
        },
        {
          "category": "external",
          "summary": "RHBZ#476172",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476172"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5499",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5499"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5499",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5499"
        }
      ],
      "release_date": "2008-12-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-12-19T17:52:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:1047"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Linux-specific code execution flaw via crafted SWF file"
    }
  ]
}

RHSA-2008:1047

Vulnerability from csaf_redhat - Published: 2008-12-19 17:52 - Updated: 2025-11-21 17:34

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes a security issue is\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise\nLinux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nA security flaw was found in the way Flash Player displayed certain SWF\n(Shockwave Flash) content. This may have made it possible to execute\narbitrary code on a victim\u0027s machine, if the victim opened a malicious\nAdobe Flash file. (CVE-2008-5499)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.15.3 for users of Red Hat Enterprise\nLinux 5 Supplementary, and 9.0.152.0 for users of Red Hat Enterprise 3 and\n4 Extras.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:1047",
        "url": "https://access.redhat.com/errata/RHSA-2008:1047"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb08-24.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/products/flashplayer/",
        "url": "http://www.adobe.com/products/flashplayer/"
      },
      {
        "category": "external",
        "summary": "476172",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476172"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1047.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:05+00:00",
      "generator": {
        "date": "2025-11-21T17:34:05+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2008:1047",
      "initial_release_date": "2008-12-19T17:52:00+00:00",
      "revision_history": [
        {
          "date": "2008-12-19T17:52:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-12-19T12:52:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:05+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.152.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.152.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.152.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.152.0-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.152.0-1.el3.with.oss?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:10.0.15.3-2.el5.i386",
                "product": {
                  "name": "flash-plugin-0:10.0.15.3-2.el5.i386",
                  "product_id": "flash-plugin-0:10.0.15.3-2.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@10.0.15.3-2.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.152.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.152.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.152.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.152.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.15.3-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.15.3-2.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:10.0.15.3-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386"
        },
        "product_reference": "flash-plugin-0:10.0.15.3-2.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-5499",
      "discovery_date": "2008-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "476172"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: Linux-specific code execution flaw via crafted SWF file",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386",
          "5Server-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5499"
        },
        {
          "category": "external",
          "summary": "RHBZ#476172",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476172"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5499",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5499"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5499",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5499"
        }
      ],
      "release_date": "2008-12-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-12-19T17:52:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.152.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.152.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386",
            "5Server-Supplementary:flash-plugin-0:10.0.15.3-2.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:1047"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: Linux-specific code execution flaw via crafted SWF file"
    }
  ]
}

FKIE_CVE-2008-5499

Vulnerability from fkie_nvd - Published: 2008-12-18 00:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html
cve@mitre.org	http://osvdb.org/50796
cve@mitre.org	http://secunia.com/advisories/33221
cve@mitre.org	http://secunia.com/advisories/33267
cve@mitre.org	http://secunia.com/advisories/33294	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/34226
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200903-23.xml
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb08-24.html	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-1047.html
cve@mitre.org	http://www.securityfocus.com/bid/32896
cve@mitre.org	http://www.securitytracker.com/id?1021458
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3449
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/47445
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/50796
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33221
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33267
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33294	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34226
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200903-23.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb08-24.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-1047.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32896
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021458
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3449
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/47445

Impacted products

Vendor	Product	Version
adobe	flash_player_for_linux	*
adobe	flash_player_for_linux	9.0.31
adobe	flash_player_for_linux	9.0.48.0
adobe	flash_player_for_linux	9.0.115.0
adobe	flash_player_for_linux	9.0.124.0
adobe	flash_player_for_linux	10.0.12.36
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72468E9A-37B6-444C-BF20-FEA5548A4364",
              "versionEndIncluding": "9.0.151.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:9.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC9C3926-1FDB-4D8C-AC72-C7E1A222DB35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:9.0.48.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F08319F-1C6D-4BC5-BAF9-251509974532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C534DD-167D-45AA-B6DD-0776E78E649A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:9.0.124.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "910B58CC-8121-4B71-9ED9-3C9C45FA085B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE94BCCA-F6B2-48C9-8FBD-36CC3194B00E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Adobe Flash Player para Linux v10.0.12.36, y v9.0.151.0 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero SWF manipulado."
    }
  ],
  "id": "CVE-2008-5499",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-18T00:30:00.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/50796"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33221"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33267"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33294"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-1047.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021458"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3449"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/50796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-1047.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47445"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JMFJ-RGC6-43MH

Vulnerability from github – Published: 2022-05-17 02:17 – Updated: 2022-05-17 02:17

Details

Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-5499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-18T00:30:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.",
  "id": "GHSA-jmfj-rgc6-43mh",
  "modified": "2022-05-17T02:17:31Z",
  "published": "2022-05-17T02:17:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5499"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47445"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/50796"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33221"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33267"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33294"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-24.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-1047.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32896"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021458"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3449"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-5499 (GCVE-0-2008-5499)

GSD-2008-5499

CERTA-2008-AVI-605

Description

Solution

CERTA-2008-AVI-605

Description

Solution

RHSA-2008_1047

RHSA-2008:1047

FKIE_CVE-2008-5499

GHSA-JMFJ-RGC6-43MH

Tags

Sightings

Nomenclature