Vulnerability Name:

CVE-2008-1201 (CCN-41327)

Assigned:2008-03-19
Published:2008-03-19
Updated:2017-08-08
Summary:Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-noinfo
CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-1201

Source: CCN
Type: ruder's blog, 2008-03-20
Adobe Flash CS3 Pro FLA Parsing Vuls

Source: MISC
Type: UNKNOWN
http://ruder.cdut.net/blogview.asp?logID=241

Source: CCN
Type: SA29455
Adobe Flash FLA File Parsing Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
29455

Source: CCN
Type: SECTRACK ID: 1019681
Adobe Flash Professional/Basic Bug in Parsing FLA Files Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Adobe Product Security Advisory APSA08-03
Potential vulnerability in Flash CS3 Professional, Flash Professional 8 and Flash Basic 8

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/security/advisories/apsa08-03.html

Source: MISC
Type: UNKNOWN
http://www.fortiguardcenter.com/advisory/FGA-2008-07.html

Source: CCN
Type: OSVDB ID: 43437
Adobe Flash FLA File Parsing Arbitrary Code Execution

Source: BID
Type: UNKNOWN
28349

Source: CCN
Type: BID-28349
Adobe Flash FLA File Processing Remote Code Execution Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019681

Source: VUPEN
Type: UNKNOWN
ADV-2008-0948

Source: XF
Type: UNKNOWN
adobe-flash-fla-code-execution(41327)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:flash:basic:8:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash:professional:8:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash:professional:cs3:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:adobe:flash:professional:8:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_cs3:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash:basic:8:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    adobe flash basic 8
    adobe flash professional 8
    adobe flash professional cs3
    adobe flash professional 8
    adobe flash cs3 9.0
    adobe flash basic 8