Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2008-4401
HistoryOct 17, 2008 - 7:31 p.m.

CVE-2008-4401

2008-10-1719:31:15
CWE-264
mitre
web.nvd.nist.gov
78
adobe flash player
cve-2008-4401
actionscript
filereference.browse
filereference.download
security vulnerability

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.033

Percentile

91.3%

JSON

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.

Affected configurations

Nvd
Node
adobeflash_playerRange≀9.0.124.0
OR
adobeflash_playerMatch7.0
OR
adobeflash_playerMatch7.0.1
OR
adobeflash_playerMatch7.0.25
OR
adobeflash_playerMatch7.0.63
OR
adobeflash_playerMatch7.0.69.0
OR
adobeflash_playerMatch7.0.70.0
OR
adobeflash_playerMatch7.0_r67
OR
adobeflash_playerMatch7.1
OR
adobeflash_playerMatch7.1.1
OR
adobeflash_playerMatch7.2
OR
adobeflash_playerMatch8.0
OR
adobeflash_playerMatch8.0.24.0
OR
adobeflash_playerMatch8.0.34.0
OR
adobeflash_playerMatch8.0.35.0
OR
adobeflash_playerMatch8.0.39.0
OR
adobeflash_playerMatch9.0
OR
adobeflash_playerMatch9.0.112.0
OR
adobeflash_playerMatch9.0.114.0
OR
adobeflash_playerMatch9.0.115.0
VendorProductVersionCPE
adobeflash_player7.0cpe:/a:adobe:flash_player:7.0:::
adobeflash_player7.0.70.0cpe:/a:adobe:flash_player:7.0.70.0:::
adobeflash_player8.0.39.0cpe:/a:adobe:flash_player:8.0.39.0:::
adobeflash_player7.0.69.0cpe:/a:adobe:flash_player:7.0.69.0:::
adobeflash_playercpe:/a:adobe:flash_player::::
adobeflash_player9.0.114.0cpe:/a:adobe:flash_player:9.0.114.0:::
adobeflash_player7.2cpe:/a:adobe:flash_player:7.2:::
adobeflash_player9.0.112.0cpe:/a:adobe:flash_player:9.0.112.0:::
adobeflash_player7.0.63cpe:/a:adobe:flash_player:7.0.63:::
adobeflash_player7.0.1cpe:/a:adobe:flash_player:7.0.1:::
Rows per page:
1-10 of 201

Related

nvd 1
ubuntucve 1
seebug 1
cvelist 1
prion 1
openvas 8
freebsd 1
nessus 11
redhat 2
gentoo 1
nvd
nvd
CVE-2008-4401
2008-10-17 19:31:15
ubuntucve
ubuntucve
CVE-2008-4401
2008-10-17 00:00:00
seebug
seebug
Adobe Flash Player FileReference APIδ»»ζ„ζ–‡δ»ΆδΈŠδΌ /δΈ‹θ½½ζΌζ΄ž
2008-10-31 00:00:00
cvelist
cvelist
CVE-2008-4401
2008-10-17 18:00:00
prion
prion
Design/Logic Flaw
2008-10-17 19:31:00
openvas
openvas
Adobe Flash Player Multiple Security Bypass Vulnerabilities (Windows)
2008-10-16 00:00:00
Adobe Flash Player Multiple Security Bypass Vulnerabilities - Linux
2008-10-16 00:00:00
FreeBSD Ports: linux-flashplugin
2008-11-01 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2008-10-15 00:00:00
nessus
nessus
FreeBSD : linux-flashplugin -- multiple vulnerabilities (78f456fd-9c87-11dd-a55e-00163e000016)
2008-10-20 00:00:00
openSUSE Security Update : flash-player (flash-player-294)
2009-07-21 00:00:00
openSUSE 10 Security Update : flash-player (flash-player-5747)
2008-11-12 00:00:00
redhat
redhat
(RHSA-2008:0945) Critical: flash-plugin security update
2008-10-28 00:00:00
(RHSA-2008:0980) Critical: flash-plugin security update
2008-11-12 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2009-03-10 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.033

Percentile

91.3%

JSON
Related for CVE-2008-4401
nvd1ubuntucve1seebug1cvelist1prion1openvas8freebsd1nessus11redhat2gentoo1