CVE-2008-4401
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
91.3%
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
Affected configurations
References
lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
secunia.com/advisories/32270
secunia.com/advisories/32448
secunia.com/advisories/32702
secunia.com/advisories/32759
secunia.com/advisories/33390
secunia.com/advisories/34226
security.gentoo.org/glsa/glsa-200903-23.xml
securitytracker.com/id?1021061
sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
support.avaya.com/elmodocs2/security/ASA-2008-440.htm
support.avaya.com/elmodocs2/security/ASA-2009-020.htm
www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
www.adobe.com/support/security/bulletins/apsb08-18.html
www.redhat.com/support/errata/RHSA-2008-0945.html
www.redhat.com/support/errata/RHSA-2008-0980.html
www.vupen.com/english/advisories/2008/2838
exchange.xforce.ibmcloud.com/vulnerabilities/45913
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
91.3%