Lucene search

MitreCVE-2003-1017

HistoryJan 05, 2004 - 5:00 a.m.

CVE-2003-1017

2004-01-0505:00:00

mitre

web.nvd.nist.gov

macromedia

flash player

data file

predictable location

web browsers

vulnerability

remote attackers

nvd

cve-2003-1017

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

78.9%

JSON

Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.

Affected configurations

Nvd

Node

macromediadirectorMatch5.0

macromediaflash_playerMatch4.0_r12

macromediaflash_playerMatch5.0

macromediaflash_playerMatch5.0_r50

macromediaflash_playerMatch6.0

macromediaflash_playerMatch6.0.29.0

macromediaflash_playerMatch6.0.40.0

macromediaflash_playerMatch6.0.47.0

macromediaflash_playerMatch6.0.65.0

macromediaflash_playerMatch6.0.79.0

VendorProductVersionCPE
macromediadirector5.0cpe:2.3:a:macromedia:director:5.0:*:*:*:*:*:*:*
macromediaflash_player4.0_r12cpe:2.3:a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*
macromediaflash_player5.0cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*
macromediaflash_player5.0_r50cpe:2.3:a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*
macromediaflash_player6.0cpe:2.3:a:macromedia:flash_player:6.0:*:*:*:*:*:*:*
macromediaflash_player6.0.29.0cpe:2.3:a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*
macromediaflash_player6.0.40.0cpe:2.3:a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*
macromediaflash_player6.0.47.0cpe:2.3:a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*
macromediaflash_player6.0.65.0cpe:2.3:a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*
macromediaflash_player6.0.79.0cpe:2.3:a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
macromedia	director	5.0	cpe:2.3:a:macromedia:director:5.0:::::::*
macromedia	flash_player	4.0_r12	cpe:2.3:a:macromedia:flash_player:4.0_r12:::::::*
macromedia	flash_player	5.0	cpe:2.3:a:macromedia:flash_player:5.0:::::::*
macromedia	flash_player	5.0_r50	cpe:2.3:a:macromedia:flash_player:5.0_r50:::::::*
macromedia	flash_player	6.0	cpe:2.3:a:macromedia:flash_player:6.0:::::::*
macromedia	flash_player	6.0.29.0	cpe:2.3:a:macromedia:flash_player:6.0.29.0:::::::*
macromedia	flash_player	6.0.40.0	cpe:2.3:a:macromedia:flash_player:6.0.40.0:::::::*
macromedia	flash_player	6.0.47.0	cpe:2.3:a:macromedia:flash_player:6.0.47.0:::::::*
macromedia	flash_player	6.0.65.0	cpe:2.3:a:macromedia:flash_player:6.0.65.0:::::::*
macromedia	flash_player	6.0.79.0	cpe:2.3:a:macromedia:flash_player:6.0.79.0:::::::*

References

www.macromedia.com/devnet/security/security_zone/mpsb03-08.html

www.securityfocus.com/bid/8900

exchange.xforce.ibmcloud.com/vulnerabilities/14013

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

78.9%

JSON

Related for CVE-2003-1017