fkie_cve-2008-4546
Vulnerability from fkie_nvd
Published
2008-10-14 15:28
Modified
2025-04-09 00:30
Severity ?
Summary
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
References
cve@mitre.orghttp://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
cve@mitre.orghttp://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
cve@mitre.orghttp://secunia.com/advisories/32759
cve@mitre.orghttp://secunia.com/advisories/40545
cve@mitre.orghttp://secunia.com/advisories/43026
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201101-09.xml
cve@mitre.orghttp://securityreason.com/securityalert/4401
cve@mitre.orghttp://securitytracker.com/id?1024085
cve@mitre.orghttp://securitytracker.com/id?1024086
cve@mitre.orghttp://support.apple.com/kb/HT4435
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb10-14.html
cve@mitre.orghttp://www.mochimedia.com/~matthew/flashcrash/Exploit
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2010-0464.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2010-0470.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/496929/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/31537
cve@mitre.orghttp://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA10-162A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1421
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1432
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1434
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1453
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1482
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1522
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1793
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0192
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/45630
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187
af854a3a-2127-422b-91ae-364da2661108http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
af854a3a-2127-422b-91ae-364da2661108http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32759
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40545
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43026
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201101-09.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4401
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1024085
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1024086
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4435
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb10-14.html
af854a3a-2127-422b-91ae-364da2661108http://www.mochimedia.com/~matthew/flashcrash/Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0464.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0470.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/496929/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31537
af854a3a-2127-422b-91ae-364da2661108http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA10-162A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1421
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1432
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1434
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1453
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1482
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1522
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1793
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0192
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45630
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187
Impacted products
Vendor Product Version
adobe flash_player 9.0.45.0
adobe flash_player 9.0.112.0
adobe flash_player 9.0.115.0
adobe flash_player 10.0.12.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "63313ADA-3C52-47C8-9745-6BF6AEF0F6AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, y 10.0.12.10 permite a los servidores web remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y finalizaci\u00f3n de la aplicaci\u00f3n) devolviendo una respuesta inapropiada cuando una solicitud HTTP se env\u00eda por segunda vez, como lo demuestran las respuestas que proporcionan dos ficheros SWF con n\u00fameros de versi\u00f3n SWF diferentes."
    }
  ],
  "id": "CVE-2008-4546",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-10-14T15:28:16.723",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/40545"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43026"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4401"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1024085"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1024086"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mochimedia.com/~matthew/flashcrash/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31537"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1421"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1432"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1434"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1453"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1482"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1522"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1793"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0192"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024085"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mochimedia.com/~matthew/flashcrash/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.