ID CVE-2008-3873
Summary The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2008:0945
  • rhsa
    id RHSA-2008:0980
refmap via4
bid 31117
confirm
gentoo GLSA-200903-23
misc
sectrack 1020724
secunia
  • 32448
  • 32702
  • 32759
  • 33390
  • 34226
sunalert 248586
suse SUSE-SR:2008:025
vupen ADV-2008-2838
xf adobe-flash-setclipboard-hijacking(44584)
Last major update 08-08-2017 - 01:32
Published 29-08-2008 - 17:41
Back to Top