Vulnerability Name:

CVE-2008-5499 (CCN-47445)

Assigned:2008-12-17
Published:2008-12-17
Updated:2017-08-08
Summary:Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-5499

Source: CCN
Type: Adobe TechNote: kb406791
Flash Player 9 for Unsupported Operating Systems

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:059

Source: OSVDB
Type: UNKNOWN
50796

Source: CCN
Type: Packetstorm Security Website
Adobe Flash Player ActionScript Launch Command Execution

Source: CCN
Type: RHSA-2008-1047
Critical: flash-plugin security update

Source: CCN
Type: SA33221
Adobe Flash Player for Linux SWF Processing Vulnerability

Source: SECUNIA
Type: UNKNOWN
33221

Source: SECUNIA
Type: UNKNOWN
33267

Source: SECUNIA
Type: Vendor Advisory
33294

Source: SECUNIA
Type: UNKNOWN
34226

Source: GENTOO
Type: UNKNOWN
GLSA-200903-23

Source: CCN
Type: SECTRACK ID: 1021458
Adobe Flash Player for Linux Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-512
flash-plugin security update (RHSA-2008-1047)

Source: CCN
Type: Adobe Product Security Bulletin APSB08-24
Security update available for Linux Flash Player 10.0.12.36 and Linux Flash Player 9.0.151.0

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb08-24.html

Source: CCN
Type: GLSA-200903-23
Adobe Flash Player: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 50796
Adobe Flash Player on Linux SWF File Handling Arbitrary Code Execution

Source: REDHAT
Type: UNKNOWN
RHSA-2008:1047

Source: BID
Type: UNKNOWN
32896

Source: CCN
Type: BID-32896
Adobe Flash Player Remote Command Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021458

Source: CCN
Type: TLSA-2008-44
A critical vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-3449

Source: XF
Type: UNKNOWN
flash-linux-swf-code-execution(47445)

Source: XF
Type: UNKNOWN
flashplayer-swf-code-execution-var1(47445)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-20-2012]

Source: SUSE
Type: SUSE-SA:2008:059
flash-player code execution problem

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:flash_player_for_linux:9.0.31:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player_for_linux:9.0.48.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player_for_linux:9.0.124.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:* (Version <= 9.0.151.0)
  • OR cpe:/a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*
  • AND
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20085499
    V
    CVE-2008-5499
    2015-11-16
    oval:org.mitre.oval:def:22605
    P
    ELSA-2008:1047: flash-plugin security update (Critical)
    2014-05-26
    oval:com.redhat.rhsa:def:20081047
    P
    RHSA-2008:1047: flash-plugin security update (Critical)
    2008-12-19
    BACK
    adobe flash player for linux 9.0.31
    adobe flash player for linux 9.0.48.0
    adobe flash player for linux 9.0.115.0
    adobe flash player for linux 9.0.124.0
    adobe flash player for linux *
    adobe flash player for linux 10.0.12.36
    linux linux kernel *
    adobe flash playe for linux 9.0.115.0
    adobe flash player 7.0.70.0
    adobe flash player 8.0.34.0
    adobe flash player 8.0.35.0
    adobe flash player 9.0.45.0
    adobe flash player 9.0.47.0
    adobe flash player 9.0.48.0
    adobe flash player 7.0.69.0
    adobe flash player 9.0.115.0
    adobe flash player 9.0.28.0
    adobe flash player 9.0.31.0
    adobe flash player 7.0
    adobe flash player 9.0.124.0
    adobe flash player 10
    adobe flash player 10.0.12.36
    adobe flash player 9.0.151.0
    gentoo linux *
    suse suse linux 9.0
    novell linux desktop 9
    redhat rhel extras 3
    redhat rhel extras 4
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    novell opensuse 10.3
    novell opensuse 11.0