cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:10.0.12.10 CVE-2008-4546 2008-10-14T11:28:16.723-04:00 2017-09-28T21:32:12.680-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-10-14T13:46:00.000-04:00 SECTRACK 1024085 SECTRACK 1024086 BUGTRAQ 20081002 Adobe Flash Player plug-in null pointer dereference and browser crash BID 31537 SECUNIA 32759 SECUNIA 40545 SECUNIA 43026 SREASON 4401 VUPEN ADV-2010-1421 VUPEN ADV-2010-1432 VUPEN ADV-2010-1434 VUPEN ADV-2010-1453 VUPEN ADV-2010-1482 VUPEN ADV-2010-1522 VUPEN ADV-2010-1793 VUPEN ADV-2011-0192 APPLE APPLE-SA-2010-11-10-1 GENTOO GLSA-201101-09 HP HPSBMA02547 REDHAT RHSA-2010:0464 REDHAT RHSA-2010:0470 HP SSRT100179 SUSE SUSE-SA:2010:024 SUSE SUSE-SR:2008:025 SUSE SUSE-SR:2010:013 CERT TA10-162A TURBO TLSA-2010-19 XF adobe-flash-version-dos(45630) CONFIRM http://support.apple.com/kb/HT4435 CONFIRM http://www.adobe.com/support/security/bulletins/apsb10-14.html MISC http://www.mochimedia.com/~matthew/flashcrash/ Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.