CVE-2008-4473
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
Múltiples desbordamientos de búfer basados en montículo en Adobe Flash CS3 Professional en Windows y Flash MX 2004 permite a atacantes remotos ejecutar código de su elección a través de un fichero SWF que contiene largos parámetros de control.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-10-07 CVE Reserved
- 2008-10-17 CVE Published
- 2023-04-17 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf | X_refsource_misc | |
| http://securityreason.com/securityalert/4429 | Third Party Advisory | |
| http://securitytracker.com/id?1021060 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/497397/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/31769 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2837 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45914 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/32246 | 2018-10-11 | |
| http://www.adobe.com/support/security/advisories/apsa08-09.html | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | cs3 Search vendor "Adobe" for product "Flash Player" and version "cs3" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | mx_2004 Search vendor "Adobe" for product "Flash Player" and version "mx_2004" | - |
Affected
| ||||||