Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4546Adobe Flash Player vulnerability

CWE-3996 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
35.5%
top 2.93%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Flash Player
Timeline
PublishedOct 14
Latest updateMay 2

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDadobe/flash_player4 versions+3

🔴Vulnerability Details

1
GHSA
GHSA-5xqh-j4c7-9pg5: Adobe Flash Player before 92022-05-02

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash Player 9/10 - SWF Version Null Pointer Dereference Denial of Service2008-10-02

📋Vendor Advisories

1
Red Hat
flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL2008-10-02

💬Community

2
Bugzilla
flash-plugin: multiple security flaws (APSB10-14)2010-06-10
Bugzilla
CVE-2008-4546 flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL2008-10-15