Detections
Analytics

CVE-2008-4401

critical

Description

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45913

http://www.vupen.com/english/advisories/2008/2838

http://www.redhat.com/support/errata/RHSA-2008-0980.html

http://www.redhat.com/support/errata/RHSA-2008-0945.html

http://www.adobe.com/support/security/bulletins/apsb08-18.html

http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html

http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm

http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1

http://securitytracker.com/id?1021061

http://security.gentoo.org/glsa/glsa-200903-23.xml

http://secunia.com/advisories/34226

http://secunia.com/advisories/33390

http://secunia.com/advisories/32759

http://secunia.com/advisories/32702

http://secunia.com/advisories/32448

http://secunia.com/advisories/32270

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

Details

Source: Mitre, NVD

Published: 2008-10-17

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical