CVE-2008-4822Permissive Cross-domain Security Policy with Untrusted Domains in Adobe Flash Player

CWE-264CWE-942Permissive Cross-domain Security Policy with Untrusted Domains5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
21.4%
top 4.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Flash Player
Timeline
PublishedNov 10
Latest updateMay 14

Description

Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDadobe/flash_player9.0.124.0+17

Patches

Patch: www.adobe.comPatch: www.securityfocus.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-j8g5-fv8j-f45c: Adobe Flash Player 92022-05-14

📋Vendor Advisories

1
Red Hat
Flash Player policy file interpretation flaw2008-11-05

📐Framework References

1
CWE
Permissive Cross-domain Security Policy with Untrusted Domains

💬Community

1
Bugzilla
CVE-2008-4822 Flash Player policy file interpretation flaw2008-11-05