CVE-2008-4820 — Sensitive Information Exposure in Adobe AIR

CWE-200 — Sensitive Information Exposure4 documents2 sources

Severity

7.1HIGHNVD

EPSS

5.5%

top 9.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe Flash Player

Timeline

PublishedNov 10

Latest updateMay 14

Description

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

▶NVDadobe/flash_player9.0.124.0+39

▶NVDadobe/adobe_air1.5.2+4

Patches

Patch: www.adobe.com ↗Patch: www.securityfocus.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-43v9-5jqv-2894: Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9↗2022-05-14

▶

GHSA

GHSA-jw8f-j76p-rv4j: Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10↗2022-05-02

▶