Oval Definition:oval:org.mitre.oval:def:7187
Revision Date:2015-08-03Version:51
Title:Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service Vulnerability
Description:Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-4546
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Adobe AIR
Adobe Flash Player
Definition Synopsis
  • Vulnerable version of Adobe AIR
  • Adobe AIR is installed
  • AND Check if Adobe AIR version is less than or equal 1.5.3.9130
  • OR Vulnerable version of Adobe Flash Player
  • Adobe Flash Player before 9.0.277.0 installed
  • Adobe Flash Player is installed
  • AND Adobe Flash Player version installed on the system is less than 9.0.277.0
  • OR Adobe Flash Player 10.x through 10.0.45.2 installed
  • Adobe Flash Player 10 is installed
  • AND Adobe Flash Player version installed on the system is less than or equal 10.0.45.2
  • OR Flash.ocx section
  • ActiveX Control is installed
  • AND Flash.ocx versions section
  • Flash.ocx 10 section
  • Determine if the version of Flash.ocx is less than or equal 10.0.45.2
  • AND Determine if the version of Flash.ocx is greater than or equal 10.0
  • OR Flash.ocx 9 section
  • Determine if the version of Flash.ocx is less than 9.0.277.0
  • AND Determine if the version of Flash.ocx is greater than or equal 9.0
  • BACK