CVE-2008-4821 — Sensitive Information Exposure in Adobe Flash Player

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

5.7%

top 9.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedNov 10

Latest updateMay 14

Description

Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDadobe/flash_player9.0.124.0+17

Patches

Patch: www.adobe.com ↗Patch: www.securityfocus.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-r68f-43vp-85x9: Adobe Flash Player 9↗2022-05-14

▶

📋Vendor Advisories

Red Hat

jar: protocol handler↗2008-11-05

▶

💬Community

Bugzilla

CVE-2008-4821 Flash Player jar: protocol handler↗2008-11-05

▶