Vulnerability CVE-2008-3873

Vulnerability Name:

CVE-2008-3873 (CCN-44584)

Assigned:

2008-08-18

Published:

2008-08-18

Updated:

2017-08-08

Summary:

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.9 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Other

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:8.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:7.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_88::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_88::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_102::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_102::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_101::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_101::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_92::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_103::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_103::x86:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20083873	V	CVE-2008-3873	2015-11-16
oval:org.mitre.oval:def:22730	P	ELSA-2008:0945: flash-plugin security update (Critical)	2014-05-26
oval:com.redhat.rhsa:def:20080945	P	RHSA-2008:0945: flash-plugin security update (Critical)	2008-11-18

BACK