CVE-2008-1655

Adobe Flash Player <9.0.115.0 - SSRF

Title source: llm

Description

Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

References (20)

[Mailing List] http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1

[Various Sources] http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns

[Various Sources] http://www.adobe.com/support/security/bulletins/apsb08-11.html

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0221.html

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA08-100A.html

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA08-150A.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28697

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41807

[Third Party Advisory, VDB Entry] http://www.osvdb.org/44283

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019808

[Third Party Advisory] http://secunia.com/advisories/29763

[Third Party Advisory] http://secunia.com/advisories/29865

[Third Party Advisory] http://secunia.com/advisories/30430

[Third Party Advisory] http://secunia.com/advisories/30507

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1697

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1724/references

Scores

EPSS 0.2726

EPSS Percentile 96.3%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

adobe/air

adobe/flash_player < 9.0.115.0

adobe/flex

Timeline

Published Apr 09, 2008

Tracked Since Feb 18, 2026