FKIE_CVE-2008-4823

Vulnerability from fkie_nvd - Published: 2008-11-10 14:12 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
cve@mitre.orghttp://secunia.com/advisories/32702
cve@mitre.orghttp://secunia.com/advisories/33179
cve@mitre.orghttp://secunia.com/advisories/33390
cve@mitre.orghttp://secunia.com/advisories/34226
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200903-23.xml
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
cve@mitre.orghttp://support.apple.com/kb/HT3338
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
cve@mitre.orghttp://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb08-20.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0980.html
cve@mitre.orghttp://www.securityfocus.com/bid/32129Patch
cve@mitre.orghttp://www.securitytracker.com/id?1021151
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA08-350A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3444
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32702
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33179
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33390
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34226
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200903-23.xml
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3338
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
af854a3a-2127-422b-91ae-364da2661108http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb08-20.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0980.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32129Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021151
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-350A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3444
Impacted products
Vendor Product Version
adobe flash_player *
adobe flash_player 7.0.69.0
adobe flash_player 8.0.39.0
adobe flash_player 9.0
adobe flash_player 9.0.16
adobe flash_player 9.0.16
adobe flash_player 9.0.18d60
adobe flash_player 9.0.20
adobe flash_player 9.0.20.0
adobe flash_player 9.0.28
adobe flash_player 9.0.28.0
adobe flash_player 9.0.28.0
adobe flash_player 9.0.31
adobe flash_player 9.0.31.0
adobe flash_player 9.0.45.0
adobe flash_player 9.0.47.0
adobe flash_player 9.0.48.0
adobe flash_player 9.0.112.0
adobe flash_player 9.0.114.0
adobe flash_player 9.0.115.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE43678F-7BFF-43EF-8968-B440E2BEF76F",
              "versionEndIncluding": "9.0.124.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0777F-22C2-4FD5-BE81-8982BE6874D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5A37EB65-9EDD-41B0-ABEB-8A00232D8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
              "matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "91A2A8EA-455E-4E26-8D4A-56925A42F559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player v9.0.124.0 y versiones anteriores permite a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de vectores relacionados con una interpretaci\u00f3n perdida de un atributo ActionScript."
    }
  ],
  "id": "CVE-2008-4823",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-11-10T14:12:55.903",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32702"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33390"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3338"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/32129"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021151"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/32129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3444"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.