CVE-2008-3873 | Vulnerability Database | Aqua Security

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

Affected Software

Name	Vendor	Start Version	End Version
Flash_player	Adobe	*	*
Extras for RHEL 3	RedHat	flash-plugin-0:9.0.151.0-1.el3.with.oss	*
Extras for RHEL 4	RedHat	flash-plugin-0:9.0.151.0-1.el4	*
Supplementary for Red Hat Enterprise Linux 5	RedHat	flash-plugin-0:10.0.12.36-2.el5	*
Flashplugin-nonfree	Ubuntu	dapper	*
Flashplugin-nonfree	Ubuntu	feisty	*
Flashplugin-nonfree	Ubuntu	gutsy	*
Flashplugin-nonfree	Ubuntu	hardy	*
Flashplugin-nonfree	Ubuntu	upstream	*

References

http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html
http://blogs.zdnet.com/security/?p=1733
http://blogs.zdnet.com/security/?p=1759
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32448
http://secunia.com/advisories/32702
http://secunia.com/advisories/32759
http://secunia.com/advisories/33390
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://securitytracker.com/id?1020724
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid=
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/support/security/bulletins/apsb08-18.html
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://www.securityfocus.com/bid/31117
http://www.vupen.com/english/advisories/2008/2838
https://exchange.xforce.ibmcloud.com/vulnerabilities/44584
http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html
http://blogs.zdnet.com/security/?p=1733
http://blogs.zdnet.com/security/?p=1759
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32448
http://secunia.com/advisories/32702
http://secunia.com/advisories/32759
http://secunia.com/advisories/33390
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://securitytracker.com/id?1020724
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid=
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/support/security/bulletins/apsb08-18.html
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://www.securityfocus.com/bid/31117
http://www.vupen.com/english/advisories/2008/2838
https://exchange.xforce.ibmcloud.com/vulnerabilities/44584

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-3873
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html