Vulnerability Details CVE-2008-4473
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.209
EPSS Ranking 95.4%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/32246
- http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf
- http://securityreason.com/securityalert/4429
- http://securitytracker.com/id?1021060
- http://www.adobe.com/support/security/advisories/apsa08-09.html
- http://www.securityfocus.com/archive/1/497397/100/0/threaded
- http://www.securityfocus.com/bid/31769
- http://www.vupen.com/english/advisories/2008/2837
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45914
- http://secunia.com/advisories/32246
- http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf
- http://securityreason.com/securityalert/4429
- http://securitytracker.com/id?1021060
- http://www.adobe.com/support/security/advisories/apsa08-09.html
- http://www.securityfocus.com/archive/1/497397/100/0/threaded
- http://www.securityfocus.com/bid/31769
- http://www.vupen.com/english/advisories/2008/2837
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45914
Products affected by CVE-2008-4473
-
cpe:2.3:a:adobe:flash_player:cs3
-
cpe:2.3:a:adobe:flash_player:mx_2004
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows:1.0
-
cpe:2.3:o:microsoft:windows:2.0
-
cpe:2.3:o:microsoft:windows:2000
-
cpe:2.3:o:microsoft:windows:3.0
-
cpe:2.3:o:microsoft:windows:3.1
-
cpe:2.3:o:microsoft:windows:3.11
-
cpe:2.3:o:microsoft:windows:server_2008
-
cpe:2.3:o:microsoft:windows:vista