Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3873

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3873
Last Modified 07 Mar 2011 10:11:33
Published 29 Aug 2008 01:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3873

Summary

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

Vulnerable Systems

Application

  • Adobe Flash Player


References

XF - adobe-flash-setclipboard-hijacking(44584)

VUPEN - ADV-2008-2838

BID - 31117

REDHAT - RHSA-2008:0980

REDHAT - RHSA-2008:0945

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-18.html

CONFIRM - http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm

SUNALERT - 248586

SECTRACK - 1020724

GENTOO - GLSA-200903-23

SECUNIA - 34226

SECUNIA - 33390

SECUNIA - 32759

SECUNIA - 32702

SECUNIA - 32448

SUSE - SUSE-SR:2008:025

MISC - http://blogs.zdnet.com/security/?p=1759

MISC - http://blogs.zdnet.com/security/?p=1733

CONFIRM - http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html

Related Patches

Adobe Flash Player 10.0.12.36 for Mac OS X (PPC) (Rev 2)


Last Updated: 27 May 2016 10:48:20