ID CVE-2008-5499
Summary Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
References
Vulnerable Configurations
  • Adobe Flash Player 10.0.12.36 Linux
    cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36
  • Adobe Flash Player 9.0.124.0 Linux
    cpe:2.3:a:adobe:flash_player_for_linux:9.0.124.0
  • Adobe Flash Player 9.0.115.0 Linux
    cpe:2.3:a:adobe:flash_player_for_linux:9.0.115.0
  • Adobe Flash 9.0.48.0 Linux
    cpe:2.3:a:adobe:flash_player_for_linux:9.0.48.0
  • Adobe Flash 9.0.31 Linux
    cpe:2.3:a:adobe:flash_player_for_linux:9.0.31
  • Adobe Flash Player 9.0.151.0 Linux
    cpe:2.3:a:adobe:flash_player_for_linux:9.0.151.0
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
CVSS
Base: 9.3 (as of 18-12-2008 - 15:07)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file), the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF, as in http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here (see http://www.gnucitizen.org/blog/danger-danger-danger/). The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
exploit-db via4
description Adobe Flash Player ActionScript Launch Command Execution Vulnerability. CVE-2008-5499. Remote exploit for linux platform
id EDB-ID:18761
last seen 2016-02-02
modified 2012-04-20
published 2012-04-20
reporter metasploit
source https://www.exploit-db.com/download/18761/
title Adobe Flash Player ActionScript Launch Command Execution Vulnerability
metasploit via4
description This module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This module was tested against version 10.0.12.36 (10r12_36).
id MSF:EXPLOIT/LINUX/BROWSER/ADOBE_FLASHPLAYER_ASLAUNCH
last seen 2019-03-31
modified 2017-08-29
published 2012-04-10
reliability Good
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
title Adobe Flash Player ActionScript Launch Command Execution Vulnerability
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-1047.NASL
    description An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. A security flaw was found in the way Flash Player displayed certain SWF (Shockwave Flash) content. This may have made it possible to execute arbitrary code on a victim's machine, if the victim opened a malicious Adobe Flash file. (CVE-2008-5499) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.15.3 for users of Red Hat Enterprise Linux 5 Supplementary, and 9.0.152.0 for users of Red Hat Enterprise 3 and 4 Extras.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40736
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40736
    title RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:1047)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200903-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-200903-23 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of System.setClipboard() allows ActionScript programs to execute the method without user interaction (CVE-2008-3873). The access scope of FileReference.browse() and FileReference.download() allows ActionScript programs to execute the methods without user interaction (CVE-2008-4401). The Settings Manager controls can be disguised as normal graphical elements. This so-called 'clickjacking' vulnerability was disclosed by Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security, Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of TopsecTianRongXin (CVE-2008-4503). Adam Barth (UC Berkeley) and Collin Jackson (Stanford University) discovered a flaw occurring when interpreting HTTP response headers (CVE-2008-4818). Nathan McFeters and Rob Carter of Ernst and Young's Advanced Security Center are credited for finding an unspecified vulnerability facilitating DNS rebinding attacks (CVE-2008-4819). When used in a Mozilla browser, Adobe Flash Player does not properly interpret jar: URLs, according to a report by Gregory Fleischer of pseudo-flaw.net (CVE-2008-4821). Alex 'kuza55' K. reported that Adobe Flash Player does not properly interpret policy files (CVE-2008-4822). The vendor credits Stefano Di Paola of Minded Security for reporting that an ActionScript attribute is not interpreted properly (CVE-2008-4823). Riley Hassell and Josh Zelonis of iSEC Partners reported multiple input validation errors (CVE-2008-4824). The aforementioned researchers also reported that ActionScript 2 does not verify a member element's size when performing several known and other unspecified actions, that DefineConstantPool accepts an untrusted input value for a 'constant count' and that character elements are not validated when retrieved from a data structure, possibly resulting in a NULL pointer dereference (CVE-2008-5361, CVE-2008-5362, CVE-2008-5363). The vendor reported an unspecified arbitrary code execution vulnerability (CVE-2008-5499). Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the Settings Manager related to 'clickjacking' (CVE-2009-0114). The vendor credits Roee Hay from IBM Rational Application Security for reporting an input validation error when processing SWF files (CVE-2009-0519). Javier Vicente Vallejo reported via the iDefense VCP that Adobe Flash does not remove object references properly, leading to a freed memory dereference (CVE-2009-0520). Josh Bressers of Red Hat and Tavis Ormandy of the Google Security Team reported an untrusted search path vulnerability (CVE-2009-0521). Impact : A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user or a Denial of Service (crash). Furthermore, a remote attacker could gain access to sensitive information, disclose memory contents by enticing a user to open a specially crafted PDF file inside a Flash application, modify the victim's clipboard or render it temporarily unusable, persuade a user into uploading or downloading files, bypass security restrictions with the assistance of the user to gain access to camera and microphone, conduct Cross-Site Scripting and HTTP Header Splitting attacks, bypass the 'non-root domain policy' of Flash, and gain escalated privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 35904
    published 2009-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35904
    title GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_FLASH-PLAYER-081218.NASL
    description An unspecified vulnerability in flash-player allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file (CVE-2008-5499).
    last seen 2019-02-21
    modified 2015-01-15
    plugin id 39961
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39961
    title openSUSE Security Update : flash-player (flash-player-378)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-5877.NASL
    description An unspecified vulnerability in flash-player allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file. (CVE-2008-5499)
    last seen 2019-02-21
    modified 2015-01-15
    plugin id 51729
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51729
    title SuSE 10 Security Update : flash-player (ZYPP Patch Number 5877)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_FLASH-PLAYER-081218.NASL
    description An unspecified vulnerability in flash-player allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file (CVE-2008-5499).
    last seen 2019-02-21
    modified 2015-01-15
    plugin id 40215
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40215
    title openSUSE Security Update : flash-player (flash-player-378)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-5878.NASL
    description An unspecified vulnerability in flash-player allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file (CVE-2008-5499).
    last seen 2019-02-21
    modified 2015-01-15
    plugin id 35246
    published 2008-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35246
    title openSUSE 10 Security Update : flash-player (flash-player-5878)
packetstorm via4
data source https://packetstormsecurity.com/files/download/112009/adobe_flashplayer_aslaunch.rb.txt
id PACKETSTORM:112009
last seen 2016-12-05
published 2012-04-20
reporter 0a29406d9794e4f9b30b3c5d6702c708
source https://packetstormsecurity.com/files/112009/Adobe-Flash-Player-ActionScript-Launch-Command-Execution.html
title Adobe Flash Player ActionScript Launch Command Execution
redhat via4
advisories
rhsa
id RHSA-2008:1047
refmap via4
bid 32896
confirm http://www.adobe.com/support/security/bulletins/apsb08-24.html
gentoo GLSA-200903-23
osvdb 50796
sectrack 1021458
secunia
  • 33221
  • 33267
  • 33294
  • 34226
suse SUSE-SA:2008:059
vupen ADV-2008-3449
xf flashplayer-swf-code-execution-var1(47445)
saint via4
bid 32896
description Adobe Flash Player ActionScript launch command execution
id misc_flash
osvdb 50796
title flash_actionscript_launch
type client
Last major update 10-07-2012 - 00:00
Published 17-12-2008 - 19:30
Last modified 07-08-2017 - 21:33