CVE-2008-5499

Adobe Flash Player ActionScript Launch Command Execution Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.

Vulnerabilidad sin especificar en Adobe Flash Player para Linux v10.0.12.36, y v9.0.151.0 y versiones anteriores, permite a atacantes remotos ejecutar código de su elección a través de un fichero SWF manipulado.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-12-12 CVE Reserved
2008-12-17 First Exploit
2008-12-18 CVE Published
2024-08-07 CVE Updated
2024-09-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (17)

URL	Tag	Source
http://osvdb.org/50796	Vdb Entry
http://secunia.com/advisories/33221	Third Party Advisory
http://secunia.com/advisories/33267	Third Party Advisory
http://secunia.com/advisories/34226	Third Party Advisory
http://www.securityfocus.com/bid/32896	Vdb Entry
http://www.securitytracker.com/id?1021458	Vdb Entry
http://www.vupen.com/english/advisories/2008/3449	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/47445	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/18761	2012-04-20
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb	2008-12-17

URL	Date	SRC
http://www.adobe.com/support/security/bulletins/apsb08-24.html	2008-12-17

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html	2017-08-08
http://secunia.com/advisories/33294	2017-08-08
http://security.gentoo.org/glsa/glsa-200903-23.xml	2017-08-08
http://www.redhat.com/support/errata/RHSA-2008-1047.html	2017-08-08
https://access.redhat.com/security/cve/CVE-2008-5499	2008-12-19
https://bugzilla.redhat.com/show_bug.cgi?id=476172	2008-12-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Adobe Search vendor "Adobe"	Flash Player For Linux Search vendor "Adobe" for product "Flash Player For Linux"	<= 9.0.151.0 Search vendor "Adobe" for product "Flash Player For Linux" and version " <= 9.0.151.0"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	*	-	Safe
Adobe Search vendor "Adobe"	Flash Player For Linux Search vendor "Adobe" for product "Flash Player For Linux"	9.0.31 Search vendor "Adobe" for product "Flash Player For Linux" and version "9.0.31"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	*	-	Safe
Adobe Search vendor "Adobe"	Flash Player For Linux Search vendor "Adobe" for product "Flash Player For Linux"	9.0.48.0 Search vendor "Adobe" for product "Flash Player For Linux" and version "9.0.48.0"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	*	-	Safe
Adobe Search vendor "Adobe"	Flash Player For Linux Search vendor "Adobe" for product "Flash Player For Linux"	9.0.115.0 Search vendor "Adobe" for product "Flash Player For Linux" and version "9.0.115.0"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	*	-	Safe
Adobe Search vendor "Adobe"	Flash Player For Linux Search vendor "Adobe" for product "Flash Player For Linux"	9.0.124.0 Search vendor "Adobe" for product "Flash Player For Linux" and version "9.0.124.0"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	*	-	Safe
Adobe Search vendor "Adobe"	Flash Player For Linux Search vendor "Adobe" for product "Flash Player For Linux"	10.0.12.36 Search vendor "Adobe" for product "Flash Player For Linux" and version "10.0.12.36"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	*	-	Safe