Intrusion Prevention

Adobe.Flash.Player.SWF.Version.Null.Pointer.Dereference.DoS

Description

This indicates an attack attempt against a denial-of-service vulnerability in Adobe Flash Player.
The vulnerability is caused by an error when the vulnerable software handles two responses for the same HTTP request, which includes SWF files with different version numbers. It allows a remote attacker to crash the vulnerable software via sending two crafted HTTP responses.

Affected Products

Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris
Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.adobe.com/support/security/bulletins/apsb10-14.html

CVE References

CVE-2008-4546