FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3873

This CVE name corresponds to:

Entered Topic
2008-10-17 linux-flashplugin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-3873
Phase Assigned(20080829)

Description

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

References

Source Reference
MISC http://blogs.zdnet.com/security/?p=1733
MISC http://blogs.zdnet.com/security/?p=1759
CONFIRM http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html
CONFIRM http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
CONFIRM http://www.adobe.com/support/security/bulletins/apsb08-18.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
GENTOO GLSA-200903-23
REDHAT RHSA-2008:0945
REDHAT RHSA-2008:0980
SUNALERT 248586
SUSE SUSE-SR:2008:025
BID 31117
SECUNIA 34226
VUPEN ADV-2008-2838
SECTRACK 1020724
SECUNIA 32448
SECUNIA 32759
SECUNIA 32702
SECUNIA 33390
XF adobe-flash-setclipboard-hijacking(44584)