Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5499

CWE-94 — Code Injection6 documents6 sources

Severity

9.3CRITICAL

EPSS

90.6%

top 0.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Flash Player FOR Linux

Timeline

PublishedDec 18

Latest updateMay 17

Description

Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/flash_player9.0.151.0+5

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-jmfj-rgc6-43mh: Unspecified vulnerability in Adobe Flash Player for Linux 10↗2022-05-17

▶

CVEList

CVE-2008-5499: Unspecified vulnerability in Adobe Flash Player for Linux 10↗2008-12-18

▶

💥Exploits & PoCs

Exploit-DB

Adobe Flash Player - ActionScript Launch Command Execution (Metasploit)↗2012-04-20

▶

📋Vendor Advisories

Red Hat

flash-plugin: Linux-specific code execution flaw via crafted SWF file↗2008-12-17

▶

💬Community

Bugzilla

CVE-2008-5499 flash-plugin: Linux-specific code execution flaw via crafted SWF file↗2008-12-12

▶