CVE-2008-3873 - The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows re

CVE-2008-3873

Summary

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

References

Vulnerable Configurations

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 08-08-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa
id RHSA-2008:0945
rhsa
id RHSA-2008:0980

rpms

flash-plugin-0:10.0.12.36-2.el5
flash-plugin-0:9.0.151.0-1.el3.with.oss
flash-plugin-0:9.0.151.0-1.el4

refmap via4

bid	31117
confirm	http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid= http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html http://www.adobe.com/support/security/bulletins/apsb08-18.html
gentoo	GLSA-200903-23
misc	http://blogs.zdnet.com/security/?p=1733 http://blogs.zdnet.com/security/?p=1759
sectrack	1020724
secunia	32448 32702 32759 33390 34226
sunalert	248586
suse	SUSE-SR:2008:025
vupen	ADV-2008-2838
xf	adobe-flash-setclipboard-hijacking(44584)

Last major update

08-08-2017 - 01:32

Published

29-08-2008 - 17:41

Last modified

08-08-2017 - 01:32