SB2008081801 - Code injection in Adobe Flash Player

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2008081801

SB2008081801 - Code injection in Adobe Flash Player

Published: August 18, 2008 Updated: December 15, 2016

Security Bulletin ID SB2008081801
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Code injection (CVE-ID: CVE-2008-3873)

The vulnerability allows a remote attacker to hijack the clipboard on the target system.

The weakness exists due to error in the setClipboard() function. By persuading a victim view a specially crafted shockwave file, an attacker could exploit this vulnerability to insert persistent data into the clipboard.

Successful exploitation of the vulnerability results in modification of data on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

References