Code injection in Adobe Flash Player - CVE-2008-3873
Published: December 15, 2016 / Updated: March 7, 2017
Vulnerability identifier: #VU1325
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2008-3873
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe Flash Player
Adobe Flash Player
Detailed vulnerability description
The vulnerability allows a remote attacker to hijack the clipboard on the target system.
The weakness exists due to error in the setClipboard() function. By persuading a victim view a specially crafted shockwave file, an attacker could exploit this vulnerability to insert persistent data into the clipboard.
Successful exploitation of the vulnerability results in modification of data on the vulnerable system.
Note: the vulnerability was being actively exploited.
The weakness exists due to error in the setClipboard() function. By persuading a victim view a specially crafted shockwave file, an attacker could exploit this vulnerability to insert persistent data into the clipboard.
Successful exploitation of the vulnerability results in modification of data on the vulnerable system.
Note: the vulnerability was being actively exploited.