Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4401

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4401
Last Modified 07 Mar 2011 10:12:23
Published 17 Oct 2008 03:31:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4401

Summary

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.

Vulnerable Systems

Application

  • Adobe Flash Player 7

  • Adobe Flash Player 7.0

  • Adobe Flash Player 7.0 R67

  • Adobe Flash Player 7.0.1

  • Adobe Flash Player 7.0.25

  • Adobe Flash Player 7.0.63

  • Adobe Flash Player 7.0.69.0

  • Adobe Flash Player 7.0.70.0

  • Adobe Flash Player 7.1

  • Adobe Flash Player 7.1.1

  • Adobe Flash Player 7.2

  • Adobe Flash Player 8

  • Adobe Flash Player 8.0

  • Adobe Flash Player 8.0.24.0

  • Adobe Flash Player 8.0.34.0

  • Adobe Flash Player 8.0.35.0

  • Adobe Flash Player 8.0.39.0

  • Adobe Flash Player 9

  • Adobe Flash Player 9.0.112.0

  • Adobe Flash Player 9.0.114.0

  • Adobe Flash Player 9.0.115.0

  • Adobe Flash Player 9.0.124.0


References

XF - adobe-flash-filereference-file-upload(45913)

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-18.html

SECUNIA - 32270

VUPEN - ADV-2008-2838

REDHAT - RHSA-2008:0980

REDHAT - RHSA-2008:0945

CONFIRM - http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm

SUNALERT - 248586

SECTRACK - 1021061

GENTOO - GLSA-200903-23

SECUNIA - 34226

SECUNIA - 33390

SECUNIA - 32759

SECUNIA - 32702

SECUNIA - 32448

SUSE - SUSE-SR:2008:025

Related Patches

Adobe Flash Player 10.0.12.36 for Mac OS X (PPC) (Rev 2)


Last Updated: 27 May 2016 10:48:28