NVD Vulnerability Detail

CVE-2008-4546

Summary	Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
Publication Date	Oct. 15, 2008, 12:28 a.m.
Registration Date	Jan. 29, 2021, 1:43 p.m.
Last Update	Oct. 12, 2018, 5:52 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751	HP
2	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	APPLE
3	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html	SUSE
4	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html	SUSE
5	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	SUSE
6	http://secunia.com/advisories/32759	SECUNIA
7	http://secunia.com/advisories/40545	SECUNIA
8	http://secunia.com/advisories/43026	SECUNIA
9	http://security.gentoo.org/glsa/glsa-201101-09.xml	GENTOO
10	http://securityreason.com/securityalert/4401	SREASON
11	http://securitytracker.com/id?1024085	SECTRACK
12	http://securitytracker.com/id?1024086	SECTRACK
13	http://support.apple.com/kb/HT4435	CONFIRM
14	http://www.adobe.com/support/security/bulletins/apsb10-14.html	CONFIRM
15	http://www.mochimedia.com/~matthew/flashcrash/	MISC	Exploit
16	http://www.redhat.com/support/errata/RHSA-2010-0464.html	REDHAT
17	http://www.redhat.com/support/errata/RHSA-2010-0470.html	REDHAT
18	http://www.securityfocus.com/archive/1/496929/100/0/threaded	BUGTRAQ
19	http://www.securityfocus.com/bid/31537	BID
20	http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt	TURBO
21	http://www.us-cert.gov/cas/techalerts/TA10-162A.html	CERT	US Government Resource
22	http://www.vupen.com/english/advisories/2010/1421	VUPEN
23	http://www.vupen.com/english/advisories/2010/1432	VUPEN
24	http://www.vupen.com/english/advisories/2010/1434	VUPEN
25	http://www.vupen.com/english/advisories/2010/1453	VUPEN
26	http://www.vupen.com/english/advisories/2010/1482	VUPEN
27	http://www.vupen.com/english/advisories/2010/1522	VUPEN
28	http://www.vupen.com/english/advisories/2010/1793	VUPEN
29	http://www.vupen.com/english/advisories/2011/0192	VUPEN
30	https://exchange.xforce.ibmcloud.com/vulnerabilities/45630	XF
31	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302	OVAL
32	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

JVN Vulnerability Information

Adobe Flash Player および Adobe AIR におけるサービス運用妨害 (DoS) の脆弱性

Title	Adobe Flash Player および Adobe AIR におけるサービス運用妨害 (DoS) の脆弱性
Summary	Adobe Flash Player および Adobe AIR には、バージョンが異なる SWF ファイルにおける HTML リクエストの送信に関する処理に不備があるため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。
Possible impacts	第三者により、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 14, 2008, midnight
Registration Date	July 6, 2010, 8:08 p.m.
Last Update	Nov. 25, 2010, 3:10 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux Extras 3 extras

Red Hat Enterprise Linux Extras 4 extras

Red Hat Enterprise Linux Extras 4.8.z extras

RHEL Desktop Supplementary 5 (client)

RHEL Supplementary 5 (server)

RHEL Supplementary EUS 5.4.z (server)

ターボリナックス

Turbolinux Client 2008

アドビシステムズ

Adobe AIR 1.5.3.9130 およびそれ以前

Adobe Flash Player 10.0.45.2 およびそれ以前

アップル

Apple Mac OS X 10.5.8

Apple Mac OS X v10.6 から v10.6.4

Apple Mac OS X Server 10.5.8

Apple Mac OS X Server v10.6 から v10.6.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-4546	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
National Vulnerability Database (NVD)
2	CVE-2008-4546	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4546

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB10-14	http://www.adobe.com/support/security/bulletins/apsb10-14.html
Adobe セキュリティ情報
2	APSB10-14	http://www.adobe.com/jp/support/security/bulletins/apsb10-14.html
Apple Security Updates
3	HT4435	http://support.apple.com/kb/HT4435
Apple セキュリティアップデート
4	HT4435	http://support.apple.com/kb/HT4435?viewlocale=ja_JP
Red Hat Security Advisory
5	RHSA-2010:0464	https://rhn.redhat.com/errata/RHSA-2010-0464.html
6	RHSA-2010:0470	https://rhn.redhat.com/errata/RHSA-2010-0470.html
Turbolinux Security Advisory
7	TLSA-2010-19	http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
富士通セキュリティ情報
8	TA10-159A	http://software.fujitsu.com/jp/security/vulnerabilities/ta10-159a.html
9	TA10-162A	http://software.fujitsu.com/jp/security/vulnerabilities/ta10-162a.html

その他

No	Name	URL
IPA 緊急対策情報
1	20100611-adobe	http://www.ipa.go.jp/security/ciadr/vul/20100611-adobe.html
ISS X-Force Database
2	45630	http://xforce.iss.net/xforce/xfdb/45630
JPCERT 緊急報告
3	JPCERT-AT-2010-0015	https://www.jpcert.or.jp/at/2010/at100015.txt
4	JPCERT-AT-2010-0017	https://www.jpcert.or.jp/at/2010/at100017.txt
JVN
5	JVNTA10-159A	http://jvn.jp/cert/JVNTA10-159A/index.html
6	JVNTA10-162A	http://jvn.jp/cert/JVNTA10-162A/index.html
7	JVNVU#331391	http://jvn.jp/cert/JVNVU331391
JVN Status Tracking Notes
8	JVNTR-2010-16	http://jvn.jp/tr/JVNTR-2010-16/
SecurityFocus
9	31537	http://www.securityfocus.com/bid/31537
SecurityTracker
10	1024085	http://securitytracker.com/id?1024085
11	1024086	http://securitytracker.com/id?1024086
US-CERT Cyber Security Alerts
12	SA10-159A	http://www.us-cert.gov/cas/alerts/SA10-159A.html
13	SA10-162A	http://www.us-cert.gov/cas/alerts/SA10-162A.html
US-CERT Technical Cyber Security Alert
14	TA10-159A	http://www.us-cert.gov/cas/techalerts/TA10-159A.html
15	TA10-162A	http://www.us-cert.gov/cas/techalerts/TA10-162A.html
VUPEN Security
16	VUPEN/ADV-2010-1421	http://www.vupen.com/english/advisories/2010/1421
17	VUPEN/ADV-2010-1432	http://www.vupen.com/english/advisories/2010/1432
18	VUPEN/ADV-2010-1453	http://www.vupen.com/english/advisories/2010/1453
19	VUPEN/ADV-2010-1522	http://www.vupen.com/english/advisories/2010/1522
警察庁 @police
20	アドビシステムズ社の Adobe Flash Player のセキュリティ修正プログラムについて	http://www.npa.go.jp/cyberpolice/#topics

Change Log

No	Changed Details	Date of change
0	[2010年07月06日] 掲載 [2010年11月25日] 影響を受けるシステム：アップル (HT4435) の情報を追加ベンダ情報：アップル (HT4435) を追加	Feb. 17, 2018, 10:37 a.m.