CVE-2008-4401

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
adobeflash_player
𝑥
≤ 9.0.124.0
adobeflash_player
7.0
adobeflash_player
7.0.1
adobeflash_player
7.0.25
adobeflash_player
7.0.63
adobeflash_player
7.0.69.0
adobeflash_player
7.0.70.0
adobeflash_player
7.0_r67:_r67
adobeflash_player
7.1
adobeflash_player
7.1.1
adobeflash_player
7.2
adobeflash_player
8.0
adobeflash_player
8.0.24.0
adobeflash_player
8.0.34.0
adobeflash_player
8.0.35.0
adobeflash_player
8.0.39.0
adobeflash_player
9.0
adobeflash_player
9.0.112.0
adobeflash_player
9.0.114.0
adobeflash_player
9.0.115.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
flashplugin-nonfree
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
Fixed 9.0.246.0ubuntu1
released
gutsy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32270
http://secunia.com/advisories/32448
http://secunia.com/advisories/32702
http://secunia.com/advisories/32759
http://secunia.com/advisories/33390
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://securitytracker.com/id?1021061
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/support/security/bulletins/apsb08-18.html
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://www.vupen.com/english/advisories/2008/2838
https://exchange.xforce.ibmcloud.com/vulnerabilities/45913
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32270
http://secunia.com/advisories/32448
http://secunia.com/advisories/32702
http://secunia.com/advisories/32759
http://secunia.com/advisories/33390
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://securitytracker.com/id?1021061
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/support/security/bulletins/apsb08-18.html
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://www.vupen.com/english/advisories/2008/2838
https://exchange.xforce.ibmcloud.com/vulnerabilities/45913