Main Vulnerability Database Vulnerabilities #VU3117

#VU3117 Denial of service in Adobe Flash Player and Adobe AIR - CVE-2008-4546

Published: January 3, 2017 / Updated: November 22, 2018

Vulnerability identifier: #VU3117

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2008-4546

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Adobe Flash Player
Adobe AIR

Software vendor:
Adobe

Description

The vulnerability allows a remote attacker to cause denial of service.

The vulnerability exists due to unknown error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, and cause denial of service conditions.

Remediation

Install the latest version from vendor's website. The vulnerability is fixed in the following versions:

Flash Player 10.1.53.64
AIR 2.0.2.12610
Flash Professional CS5 10.1.53.64
Flash CS4 Professional and Flex 4 10.1.53.64
Flash CS3 Professional and Flex 3 9.0.277.0

External links

http://www.adobe.com/support/security/bulletins/apsb10-14.html

#VU3117 Denial of service in Adobe Flash Player and Adobe AIR - CVE-2008-4546

Description

Remediation

External links

Please verify you're human