Vulnerability Description
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | cs3 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32246Vendor Advisory
- http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Author
- http://securityreason.com/securityalert/4429
- http://securitytracker.com/id?1021060
- http://www.adobe.com/support/security/advisories/apsa08-09.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/497397/100/0/threaded
- http://www.securityfocus.com/bid/31769
- http://www.vupen.com/english/advisories/2008/2837
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45914
- http://secunia.com/advisories/32246Vendor Advisory
- http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Author
- http://securityreason.com/securityalert/4429
- http://securitytracker.com/id?1021060
- http://www.adobe.com/support/security/advisories/apsa08-09.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/497397/100/0/threaded
FAQ
What is CVE-2008-4473?
CVE-2008-4473 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
How severe is CVE-2008-4473?
CVE-2008-4473 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4473?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Microsoft Windows.