CVE-2008-4823

EUVD-2008-4802
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
adobeflash_player
𝑥
≤ 9.0.124.0
adobeflash_player
7.0.69.0
adobeflash_player
8.0.39.0
adobeflash_player
9.0
adobeflash_player
9.0.16
adobeflash_player
9.0.16
adobeflash_player
9.0.18d60:d60
adobeflash_player
9.0.20
adobeflash_player
9.0.20.0
adobeflash_player
9.0.28
adobeflash_player
9.0.28.0
adobeflash_player
9.0.28.0
adobeflash_player
9.0.31
adobeflash_player
9.0.31.0
adobeflash_player
9.0.45.0
adobeflash_player
9.0.47.0
adobeflash_player
9.0.48.0
adobeflash_player
9.0.112.0
adobeflash_player
9.0.114.0
adobeflash_player
9.0.115.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
flashplugin-nonfree
dapper
ignored
gutsy
ignored
hardy
Fixed 9.0.246.0ubuntu1
released
intrepid
Fixed 10.0.32.18ubuntu0.8.10.1
released
jaunty
Fixed 10.0.32.18ubuntu0.9.04.1
released
karmic
Fixed 10.0.32.18ubuntu1
released
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
http://secunia.com/advisories/32702
http://secunia.com/advisories/33179
http://secunia.com/advisories/33390
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.apple.com/kb/HT3338
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
http://www.adobe.com/support/security/bulletins/apsb08-20.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://www.securityfocus.com/bid/32129
http://www.securitytracker.com/id?1021151
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
http://www.vupen.com/english/advisories/2008/3444
http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
http://secunia.com/advisories/32702
http://secunia.com/advisories/33179
http://secunia.com/advisories/33390
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.apple.com/kb/HT3338
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
http://www.adobe.com/support/security/bulletins/apsb08-20.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://www.securityfocus.com/bid/32129
http://www.securitytracker.com/id?1021151
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
http://www.vupen.com/english/advisories/2008/3444