cbcvebase.
CVE-2008-5499
published 2008-12-18

CVE-2008-5499: Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a…

PriorityP272critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
79.43%
99.6th percentile
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.

Affected

6 ranges
VendorProductVersion rangeFixed in
adobeflash_player_for_linux<= 9.0.151.0
adobeflash_player_for_linux
adobeflash_player_for_linux
adobeflash_player_for_linux
adobeflash_player_for_linux
adobeflash_player_for_linux

Detection & IOCsextracted from sources · hover to see the quote

pathdata/exploits/CVE-2008-5499.swf
otherContent-Type: application/x-shockwave-flash
  • Exploit delivery involves serving a crafted .swf file over HTTP with Content-Type 'application/x-shockwave-flash'; monitor for browser requests fetching .swf resources followed by .txt payload retrieval from the same host.
  • A secondary HTTP request for a .txt URI is used to deliver the shell payload; detect sequential browser requests to the same origin for a .swf then a .txt resource as an indicator of this exploit chain.
  • The vulnerability is triggered via shell metacharacters in arguments to the ActionScript 'launch' method inside a SWF file; inspect SWF content for ActionScript launch calls containing shell metacharacters.
  • Adobe AIR must be installed on the victim system for exploitation to succeed; presence of AIR combined with Flash Player versions 10.0.12.36 or 9.0.151.0 and prior on Linux indicates a vulnerable target.
  • ·Exploit only affects Adobe Flash Player on Linux; Windows and macOS Flash Player versions are not impacted by this specific vulnerability.
  • ·The Metasploit module uses HTTP gzip compression and chunked transfer encoding by default, which may affect network-level detection signatures.
  • ·The exploit payload architecture is unix command execution (ARCH_CMD); payloads are delivered as plaintext via a secondary .txt HTTP response.

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.