Vulnerability-Lookup

CVE-2008-4822 (GCVE-0-2008-4822)

Vulnerability from cvelistv5 – Published: 2008-11-10 11:00 – Updated: 2024-08-07 10:31

Summary

Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://support.nortel.com/go/main.jsp?cscat=BLTND…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/32129	vdb-entryx_refsource_BID
	http://secunia.com/advisories/33390	third-party-advisoryx_refsource_SECUNIA
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/3444	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/32702	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA08-350A.html	third-party-advisoryx_refsource_CERT
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://secunia.com/advisories/33179	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/34226	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1021150	vdb-entryx_refsource_SECTRACK
	http://security.gentoo.org/glsa/glsa-200903-23.xml	vendor-advisoryx_refsource_GENTOO
	http://support.apple.com/kb/HT3338	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-09…	vendor-advisoryx_refsource_REDHAT
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:31:27.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
          },
          {
            "name": "32129",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32129"
          },
          {
            "name": "33390",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33390"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
          },
          {
            "name": "ADV-2008-3444",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3444"
          },
          {
            "name": "32702",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32702"
          },
          {
            "name": "TA08-350A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
          },
          {
            "name": "33179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33179"
          },
          {
            "name": "34226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34226"
          },
          {
            "name": "1021150",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021150"
          },
          {
            "name": "GLSA-200903-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3338"
          },
          {
            "name": "RHSA-2008:0980",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
          },
          {
            "name": "APPLE-SA-2008-12-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
          },
          {
            "name": "adobe-flash-domainpolicy-security-bypass(46535)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46535"
          },
          {
            "name": "248586",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
        },
        {
          "name": "32129",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32129"
        },
        {
          "name": "33390",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33390"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
        },
        {
          "name": "ADV-2008-3444",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3444"
        },
        {
          "name": "32702",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32702"
        },
        {
          "name": "TA08-350A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
        },
        {
          "name": "33179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33179"
        },
        {
          "name": "34226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34226"
        },
        {
          "name": "1021150",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021150"
        },
        {
          "name": "GLSA-200903-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3338"
        },
        {
          "name": "RHSA-2008:0980",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
        },
        {
          "name": "APPLE-SA-2008-12-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
        },
        {
          "name": "adobe-flash-domainpolicy-security-bypass(46535)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46535"
        },
        {
          "name": "248586",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4822",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid=",
              "refsource": "CONFIRM",
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
            },
            {
              "name": "32129",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32129"
            },
            {
              "name": "33390",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33390"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
            },
            {
              "name": "ADV-2008-3444",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3444"
            },
            {
              "name": "32702",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32702"
            },
            {
              "name": "TA08-350A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-20.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
            },
            {
              "name": "33179",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33179"
            },
            {
              "name": "34226",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34226"
            },
            {
              "name": "1021150",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021150"
            },
            {
              "name": "GLSA-200903-23",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
            },
            {
              "name": "http://support.apple.com/kb/HT3338",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3338"
            },
            {
              "name": "RHSA-2008:0980",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
            },
            {
              "name": "APPLE-SA-2008-12-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
            },
            {
              "name": "adobe-flash-domainpolicy-security-bypass(46535)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46535"
            },
            {
              "name": "248586",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4822",
    "datePublished": "2008-11-10T11:00:00.000Z",
    "dateReserved": "2008-10-31T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:31:27.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-J8G5-FV8J-F45C

Vulnerability from github – Published: 2022-05-14 02:14 – Updated: 2022-05-14 02:14

Details

Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4822"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-11-10T14:12:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.",
  "id": "GHSA-j8g5-fv8j-f45c",
  "modified": "2022-05-14T02:14:50Z",
  "published": "2022-05-14T02:14:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4822"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46535"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32702"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33179"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33390"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3338"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
    },
    {
      "type": "WEB",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32129"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021150"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3444"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-603

Vulnerability from certfr_avis - Published: 2008-12-17 - Updated: 2008-12-17

De nombreuses vulnérabilités découvertes dans le système d'exploitation Mac OS X permettent à un utilisateur distant de contourner la politique de sécurité, de porter atteinte à la confidentialité des données, d'élever ses privilèges, de provoquer un déni de service ou encore d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X Server version 10.4.11.
N/A	N/A	Mac OS X Server version 10.5 ;
N/A	N/A	Mac OS X version 10.5 ;
N/A	N/A	Mac OS X version 10.4.11 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple #HT3338 du 15 décembre 2008	None	vendor-advisory
Bulletin de sécurité Apple HT3338 du 15 décembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.4.11.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4820"
    },
    {
      "name": "CVE-2008-4222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4222"
    },
    {
      "name": "CVE-2008-4824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4824"
    },
    {
      "name": "CVE-2008-4237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4237"
    },
    {
      "name": "CVE-2008-4223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4223"
    },
    {
      "name": "CVE-2008-4224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4224"
    },
    {
      "name": "CVE-2008-4236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4236"
    },
    {
      "name": "CVE-2008-4217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4217"
    },
    {
      "name": "CVE-2008-3170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3170"
    },
    {
      "name": "CVE-2008-4821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4821"
    },
    {
      "name": "CVE-2008-4822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4822"
    },
    {
      "name": "CVE-2008-4819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4819"
    },
    {
      "name": "CVE-2008-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3623"
    },
    {
      "name": "CVE-2008-4818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4818"
    },
    {
      "name": "CVE-2008-1391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1391"
    },
    {
      "name": "CVE-2008-4823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4823"
    },
    {
      "name": "CVE-2008-4234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4234"
    }
  ],
  "initial_release_date": "2008-12-17T00:00:00",
  "last_revision_date": "2008-12-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3338 du 15 d\u00e9cembre 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=HT3338"
    }
  ],
  "reference": "CERTA-2008-AVI-603",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-12-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans le syst\u00e8me d\u0027exploitation\nMac OS X permettent \u00e0 un utilisateur distant de contourner la politique\nde s\u00e9curit\u00e9, de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nd\u0027\u00e9lever ses privil\u00e8ges, de provoquer un d\u00e9ni de service ou encore\nd\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple #HT3338 du 15 d\u00e9cembre 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-546

Vulnerability from certfr_avis - Published: 2008-11-07 - Updated: 2008-11-07

Plusieurs vulnérabilités ont été identifiées dans l'application Adobe Flash Player. L'exploitation de ces dernières permet de contourner la politique de sécurité de l'application (associée à celle du navigateur).

Description

Plusieurs vulnérabilités ont été identifiées dans l'application Adobe Flash Player. Certaines de ces vulnérabilités avaient été partiellement corrigées dans la branche 10. D'autres avaient été mentionnées dans le précédent avis CERTA-2008-AVI-512 et le bulletin de sécurité Adobe APSB08-18.

En particulier :

l'application n'interprète pas correctement certains en-têtes de réponses HTTP. Cette vulnérabilité peut être exploitée pour construire des attaques par injection de code indirecte (cross-site scripting) ;
il serait possible pour un code malveillant de jouer avec la gestion des noms de domaines et la politique d'origine commune mise en oeuvre par les navigateurs pour accéder à des ressources internes (DNS rebinding) ;
l'interprétation des protocoles de la forme jar: ne s'effectue pas correctement, sous certaines conditions. Cette vulnérabilité peut être exploitée pour dérober des informations de navigation par exemple.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). Les versions corrigeant ces vulnérabilités sont la 9.0.151.0 et la 10.0.12.36.

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player 9.0.124.0 ainsi que les versions antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB08-20 du 05 novembre 2008	None	vendor-advisory
Avis de sécurité CERTA-2008-AVI-512 :	-	other
Bulletin de sécurité Adobe apsb08-20 du 05 novembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 9.0.124.0 ainsi que les versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l\u0027application Adobe\nFlash Player. Certaines de ces vuln\u00e9rabilit\u00e9s avaient \u00e9t\u00e9 partiellement\ncorrig\u00e9es dans la branche 10. D\u0027autres avaient \u00e9t\u00e9 mentionn\u00e9es dans le\npr\u00e9c\u00e9dent avis CERTA-2008-AVI-512 et le bulletin de s\u00e9curit\u00e9 Adobe\nAPSB08-18.\n\nEn particulier :\n\n-   l\u0027application n\u0027interpr\u00e8te pas correctement certains en-t\u00eates de\n    r\u00e9ponses HTTP. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e pour\n    construire des attaques par injection de code indirecte (cross-site\n    scripting) ;\n-   il serait possible pour un code malveillant de jouer avec la gestion\n    des noms de domaines et la politique d\u0027origine commune mise en\n    oeuvre par les navigateurs pour acc\u00e9der \u00e0 des ressources internes\n    (DNS rebinding) ;\n-   l\u0027interpr\u00e9tation des protocoles de la forme jar: ne s\u0027effectue pas\n    correctement, sous certaines conditions. Cette vuln\u00e9rabilit\u00e9 peut\n    \u00eatre exploit\u00e9e pour d\u00e9rober des informations de navigation par\n    exemple.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Les versions corrigeant ces\nvuln\u00e9rabilit\u00e9s sont la 9.0.151.0 et la 10.0.12.36.\n",
  "cves": [
    {
      "name": "CVE-2008-4820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4820"
    },
    {
      "name": "CVE-2008-4821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4821"
    },
    {
      "name": "CVE-2008-4822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4822"
    },
    {
      "name": "CVE-2008-4819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4819"
    },
    {
      "name": "CVE-2008-4818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4818"
    },
    {
      "name": "CVE-2008-4823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4823"
    }
  ],
  "initial_release_date": "2008-11-07T00:00:00",
  "last_revision_date": "2008-11-07T00:00:00",
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTA-2008-AVI-512 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-512/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb08-20 du 05 novembre 2008 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
    }
  ],
  "reference": "CERTA-2008-AVI-546",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-11-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans l\u0027application Adobe\nFlash Player. L\u0027exploitation de ces derni\u00e8res permet de contourner la\npolitique de s\u00e9curit\u00e9 de l\u0027application (associ\u00e9e \u00e0 celle du navigateur).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB08-20 du 05 novembre 2008",
      "url": null
    }
  ]
}

GSD-2008-4822

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

Aliases

CVE-2008-4822

Aliases

CVE-2008-4822

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4822",
    "description": "Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.",
    "id": "GSD-2008-4822",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-4822.html",
      "https://access.redhat.com/errata/RHSA-2008:0980",
      "https://access.redhat.com/errata/RHSA-2008:0945"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4822"
      ],
      "details": "Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.",
      "id": "GSD-2008-4822",
      "modified": "2023-12-13T01:23:00.261903Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-4822",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid=",
            "refsource": "CONFIRM",
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
          },
          {
            "name": "32129",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/32129"
          },
          {
            "name": "33390",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33390"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
          },
          {
            "name": "ADV-2008-3444",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/3444"
          },
          {
            "name": "32702",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32702"
          },
          {
            "name": "TA08-350A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb08-20.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
          },
          {
            "name": "33179",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33179"
          },
          {
            "name": "34226",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34226"
          },
          {
            "name": "1021150",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021150"
          },
          {
            "name": "GLSA-200903-23",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
          },
          {
            "name": "http://support.apple.com/kb/HT3338",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3338"
          },
          {
            "name": "RHSA-2008:0980",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
          },
          {
            "name": "APPLE-SA-2008-12-15",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
          },
          {
            "name": "adobe-flash-domainpolicy-security-bypass(46535)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46535"
          },
          {
            "name": "248586",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.124.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:mac_os_x:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4822"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32129",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/32129"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-20.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
            },
            {
              "name": "1021150",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021150"
            },
            {
              "name": "RHSA-2008:0980",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
            },
            {
              "name": "33179",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33179"
            },
            {
              "name": "http://support.apple.com/kb/HT3338",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3338"
            },
            {
              "name": "APPLE-SA-2008-12-15",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
            },
            {
              "name": "TA08-350A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
            },
            {
              "name": "32702",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32702"
            },
            {
              "name": "248586",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
            },
            {
              "name": "33390",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33390"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
            },
            {
              "name": "GLSA-200903-23",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
            },
            {
              "name": "34226",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34226"
            },
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid=",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
            },
            {
              "name": "ADV-2008-3444",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/3444"
            },
            {
              "name": "adobe-flash-domainpolicy-security-bypass(46535)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46535"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2008-11-10T14:12Z"
    }
  }
}

FKIE_CVE-2008-4822

Vulnerability from fkie_nvd - Published: 2008-11-10 14:12 - Updated: 2025-04-09 00:30

Severity ?

Summary

Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
cve@mitre.org	http://secunia.com/advisories/32702
cve@mitre.org	http://secunia.com/advisories/33179
cve@mitre.org	http://secunia.com/advisories/33390
cve@mitre.org	http://secunia.com/advisories/34226
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200903-23.xml
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
cve@mitre.org	http://support.apple.com/kb/HT3338
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
cve@mitre.org	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb08-20.html	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0980.html
cve@mitre.org	http://www.securityfocus.com/bid/32129	Patch
cve@mitre.org	http://www.securitytracker.com/id?1021150
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-350A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3444
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/46535
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32702
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33179
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33390
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34226
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200903-23.xml
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3338
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
af854a3a-2127-422b-91ae-364da2661108	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb08-20.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0980.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32129	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021150
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-350A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3444
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/46535

Impacted products

Vendor	Product	Version
adobe	flash_player	*
adobe	flash_player	7.0.69.0
adobe	flash_player	8.0.39.0
adobe	flash_player	9.0
adobe	flash_player	9.0.16
adobe	flash_player	9.0.16
adobe	flash_player	9.0.18d60
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.48.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.115.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE43678F-7BFF-43EF-8968-B440E2BEF76F",
              "versionEndIncluding": "9.0.124.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0777F-22C2-4FD5-BE81-8982BE6874D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5A37EB65-9EDD-41B0-ABEB-8A00232D8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
              "matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "91A2A8EA-455E-4E26-8D4A-56925A42F559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player v9.0.124.0 y anteriores no interpretan de forma adecuada los ficheros de pol\u00edticas, lo que permite a atacantes remotos saltarse la pol\u00edtica de dominio \u201cnon-root\u201d"
    }
  ],
  "id": "CVE-2008-4822",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-11-10T14:12:55.873",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32702"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33390"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3338"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/32129"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021150"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3444"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/32129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46535"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4822 (GCVE-0-2008-4822)

GHSA-J8G5-FV8J-F45C

CERTA-2008-AVI-603

Solution

CERTA-2008-AVI-546

Description

Solution

GSD-2008-4822

FKIE_CVE-2008-4822

Tags

Sightings

Nomenclature