Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1834

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1834
Last Modified 29 Jul 2009 12:00:00
Published 16 Apr 2008 12:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1834

Summary

swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.

Vulnerable Systems

Application

  • Swfdec 0.4.0

  • Swfdec 0.4.1

  • Swfdec 0.4.2

  • Swfdec 0.4.3

  • Swfdec 0.4.4

  • Swfdec 0.4.5

  • Swfdec 0.5.0

  • Swfdec 0.5.1

  • Swfdec 0.5.2

  • Swfdec 0.5.3

  • Swfdec 0.5.4

  • Swfdec 0.5.5

  • Swfdec 0.5.90

  • Swfdec 0.6.0

  • Swfdec 0.6.2


References

MLIST - [Swfdec] 20080409 Swfdec 0.6.4 released

XF - swfdec-swfdecloadobject-info-disclosure(41887)

BID - 28881

SECUNIA - 29915

CONFIRM - http://gitweb.freedesktop.org/?p=swfdec/swfdec.git;a=commit;h=326ee4ff631ecc11605f1251e1923a94561a3823


Last Updated: 27 May 2016 10:47:40