Signature Detail

HTTP: Adobe Flash Player for Linux ActionScript ASnative Command Execution

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary command execution.

Extended Description

Adobe Flash Player is prone to a remote command-execution vulnerability due to a failure to validate user supplied input to an internal function. Remote attackers may exploit this vulnerability to compromise an affected computer. This issue affects Flash Player on Linux platforms. Versions prior to Flash Player 10.0.15.3 and 9.0.152.0 are vulnerable.

Affected Products

• Adobe Flash Player 10
• Adobe Flash Player 10.0.12 .35
• Adobe Flash Player 10.0.12 .36
• Adobe Flash Player 7
• Adobe Flash Player 7.0.69.0
• Adobe Flash Player 7.0.70.0
• Adobe Flash Player 8.0.34.0
• Adobe Flash Player 8.0.35.0
• Adobe Flash Player 9
• Adobe Flash Player 9.0.115.0
• Adobe Flash Player 9.0.124.0
• Adobe Flash Player 9.0.151 .0
• Adobe Flash Player 9.0.28.0
• Adobe Flash Player 9.0.31.0
• Adobe Flash Player 9.0.45.0
• Adobe Flash Player 9.0.47.0
• Adobe Flash Player 9.0.48.0
• Gentoo Linux
• Pardus Linux 2007
• Pardus Linux 2008
• Red Hat Desktop Extras 3
• Red Hat Desktop Extras 4
• Red Hat Enterprise Linux AS Extras 3
• Red Hat Enterprise Linux AS Extras 4
• Red Hat Enterprise Linux Desktop Supplementary 5 Client
• Red Hat Enterprise Linux ES Extras 3
• Red Hat Enterprise Linux ES Extras 4
• Red Hat Enterprise Linux Extras 3
• Red Hat Enterprise Linux Extras 4
• Red Hat Enterprise Linux Supplementary 5 Server
• Red Hat Enterprise Linux WS Extras 3
• Red Hat Enterprise Linux WS Extras 4
• SuSE Novell Linux Desktop 9.0.0
• SuSE openSUSE 10.3
• SuSE openSUSE 11.0
• SuSE openSUSE 11.1
• SuSE SUSE Linux Enterprise Desktop 10 SP2
• Turbolinux Client 2008
• Turbolinux FUJI
• Turbolinux wizpy

References

• BugTraq: 32896
• CVE: CVE-2008-5499