Vulnerability Details : CVE-2008-5499
Public exploit exists!
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2008-5499
Probability of exploitation activity in the next 30 days: 96.89%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2008-5499
- Adobe Flash Player ActionScript Launch Command Execution Vulnerability
  Disclosure Date: 2008-12-17
  First seen: 2020-04-26
  exploit/linux/browser/adobe_flashplayer_aslaunch
  This module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments
CVSS scores for CVE-2008-5499
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2008-5499
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5499
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html
- http://www.redhat.com/support/errata/RHSA-2008-1047.html
- http://www.adobe.com/support/security/bulletins/apsb08-24.html
  Adobe - Security Advisories : APSB08-24 - Security update available for Linux Flash Player 10.0.12.36 and Linux Flash Player 9.0.151.0
  Patch; Vendor Advisory
- http://www.securitytracker.com/id?1021458
- http://www.vupen.com/english/advisories/2008/3449
- http://security.gentoo.org/glsa/glsa-200903-23.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47445
- http://www.securityfocus.com/bid/32896
  Adobe Flash Player Remote Command Execution Vulnerability
Products affected by CVE-2008-5499
- cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:* (When used together with: Linux » Linux Kernel)
- cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:* (When used together with: Linux » Linux Kernel)
- cpe:2.3:a:adobe:flash_player_for_linux:9.0.124.0:*:*:*:*:*:*:* (When used together with: Linux » Linux Kernel)
- cpe:2.3:a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:* (When used together with: Linux » Linux Kernel)
- cpe:2.3:a:adobe:flash_player_for_linux:9.0.48.0:*:*:*:*:*:*:* (When used together with: Linux » Linux Kernel)
- cpe:2.3:a:adobe:flash_player_for_linux:9.0.31:*:*:*:*:*:*:* (When used together with: Linux » Linux Kernel)