FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4546

This CVE name corresponds to:

Entered Topic
2010-06-14 linux-flashplugin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-4546 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-4546
Phase Assigned(20081014)

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

References

Source Reference
BUGTRAQ 20081002 Adobe Flash Player plug-in null pointer dereference and browser crash
MISC http://www.mochimedia.com/~matthew/flashcrash/
CONFIRM http://www.adobe.com/support/security/bulletins/apsb10-14.html
CONFIRM http://support.apple.com/kb/HT4435
APPLE APPLE-SA-2010-11-10-1
GENTOO GLSA-201101-09
HP HPSBMA02547
HP SSRT100179
REDHAT RHSA-2010:0464
REDHAT RHSA-2010:0470
SUSE SUSE-SR:2008:025
SUSE SUSE-SA:2010:024
SUSE SUSE-SR:2010:013
TURBO TLSA-2010-19
CERT TA10-162A
BID 31537
OVAL oval:org.mitre.oval:def:7187
OVAL oval:org.mitre.oval:def:16302
SECTRACK 1024085
SECTRACK 1024086
SECUNIA 32759
SECUNIA 40545
SECUNIA 43026
SREASON 4401
VUPEN ADV-2010-1453
VUPEN ADV-2010-1421
VUPEN ADV-2010-1432
VUPEN ADV-2010-1434
VUPEN ADV-2010-1482
VUPEN ADV-2010-1522
VUPEN ADV-2010-1793
VUPEN ADV-2011-0192
XF adobe-flash-version-dos(45630)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.