Rapid7 Vulnerability & Exploit Database

Security update for Adobe AIR (CVE-2008-4546)

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Security update for Adobe AIR (CVE-2008-4546)

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

10/14/2008

Created

07/25/2018

Added

03/21/2012

Modified

10/08/2015

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

Solution(s)

adobe-air-upgrade-latest

References

https://attackerkb.com/topics/cve-2008-4546
APPLE-SA-2010-11-10-1
31537
TA10-162A
CVE - 2008-4546
OVAL16302
OVAL7187
RHSA-2010:0464
RHSA-2010:0470
SUSE-SA:2010:024
http://www.adobe.com/support/security/bulletins/apsb10-14.html
45630

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;