CVE-2008-4546: Null Pointer Dereference
First published: Tue Oct 14 2008(Updated: )
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | =9.0.112.0 | |
| Macromedia Flash Player | =9.0.45.0 | |
| Macromedia Flash Player | =9.0.115.0 | |
| Macromedia Flash Player | =10.0.12.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mochimedia.com/~matthew/flashcrash/
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://secunia.com/advisories/32759
- http://www.securityfocus.com/bid/31537
- http://securityreason.com/securityalert/4401
- http://securitytracker.com/id?1024086
- http://securitytracker.com/id?1024085
- http://www.adobe.com/support/security/bulletins/apsb10-14.html
- http://www.vupen.com/english/advisories/2010/1453
- http://www.redhat.com/support/errata/RHSA-2010-0464.html
- http://www.us-cert.gov/cas/techalerts/TA10-162A.html
- http://www.redhat.com/support/errata/RHSA-2010-0470.html
- http://www.vupen.com/english/advisories/2010/1421
- http://www.vupen.com/english/advisories/2010/1434
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
- http://www.vupen.com/english/advisories/2010/1432
- http://www.vupen.com/english/advisories/2010/1482
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
- http://www.vupen.com/english/advisories/2010/1522
- http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
- http://www.vupen.com/english/advisories/2010/1793
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://secunia.com/advisories/40545
- http://support.apple.com/kb/HT4435
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://security.gentoo.org/glsa/glsa-201101-09.xml
- http://www.vupen.com/english/advisories/2011/0192
- http://secunia.com/advisories/43026
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45630
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302
- http://www.securityfocus.com/archive/1/496929/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-4546?
CVE-2008-4546 has a moderate severity rating due to its potential to cause denial of service.
How do I fix CVE-2008-4546?
To fix CVE-2008-4546, update Adobe Flash Player to version 9.0.277.0 or later, or 10.1.53.64 or later.
What versions are affected by CVE-2008-4546?
CVE-2008-4546 affects Adobe Flash Player versions prior to 9.0.277.0 and 10.x prior to 10.1.53.64.
What is the impact of CVE-2008-4546?
The impact of CVE-2008-4546 is a denial of service that can crash the browser due to a NULL pointer dereference.
Can CVE-2008-4546 be exploited remotely?
Yes, CVE-2008-4546 can be exploited remotely by web servers sending altered responses to HTTP requests.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/9.0.112.0
- version/macromedia flash player/9.0.45.0
- version/macromedia flash player/9.0.115.0
- version/macromedia flash player/10.0.12.10