Vulnerability Details : CVE-2008-3873
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.
Exploit prediction scoring system (EPSS) score for CVE-2008-3873
Probability of exploitation activity in the next 30 days: 2.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-3873
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
References for CVE-2008-3873
- http://www.redhat.com/support/errata/RHSA-2008-0980.html
- http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44584
-
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2008:025 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://blogs.zdnet.com/security/?p=1759
- http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
- http://security.gentoo.org/glsa/glsa-200903-23.xml
-
http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html
-
http://blogs.zdnet.com/security/?p=1733
-
http://www.securityfocus.com/bid/31117
- http://www.vupen.com/english/advisories/2008/2838
- http://www.redhat.com/support/errata/RHSA-2008-0945.html
-
http://securitytracker.com/id?1020724
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
- http://www.adobe.com/support/security/bulletins/apsb08-18.html
- http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
Products affected by CVE-2008-3873
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*