CVE-2008-3873 | Vulnerability Database | Aqua Security

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

Affected Software

Name	Vendor	Start Version	End Version
Flash_player	Adobe	*	*

References

http://blogs.zdnet.com/security/?p=1733
http://blogs.zdnet.com/security/?p=1759
http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html
http://securitytracker.com/id?1020724
http://www.securityfocus.com/bid/31117
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/support/security/bulletins/apsb08-18.html
http://secunia.com/advisories/32448
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32759
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://secunia.com/advisories/32702
http://secunia.com/advisories/33390
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://secunia.com/advisories/34226
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid=
http://www.vupen.com/english/advisories/2008/2838
https://exchange.xforce.ibmcloud.com/vulnerabilities/44584

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-3873
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html