10

CVE-2008-4401

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeFlash Player Version <= 9.0.124.0
AdobeFlash Player Version7.0
AdobeFlash Player Version7.0.1
AdobeFlash Player Version7.0.25
AdobeFlash Player Version7.0.63
AdobeFlash Player Version7.0.69.0
AdobeFlash Player Version7.0.70.0
AdobeFlash Player Version7.0_r67
AdobeFlash Player Version7.1
AdobeFlash Player Version7.1.1
AdobeFlash Player Version7.2
AdobeFlash Player Version8.0
AdobeFlash Player Version8.0.24.0
AdobeFlash Player Version8.0.34.0
AdobeFlash Player Version8.0.35.0
AdobeFlash Player Version8.0.39.0
AdobeFlash Player Version9.0
AdobeFlash Player Version9.0.112.0
AdobeFlash Player Version9.0.114.0
AdobeFlash Player Version9.0.115.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.15% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32270
Patch
Vendor Advisory
http://secunia.com/advisories/32448
http://secunia.com/advisories/32702
http://secunia.com/advisories/32759
http://secunia.com/advisories/33390
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/support/security/bulletins/apsb08-18.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://www.vupen.com/english/advisories/2008/2838
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://securitytracker.com/id?1021061
https://exchange.xforce.ibmcloud.com/vulnerabilities/45913