FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4401

This CVE name corresponds to:

Entered Topic
2008-10-17 linux-flashplugin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-4401
Phase Assigned(20081002)

Description

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.

References

Source Reference
CONFIRM http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
CONFIRM http://www.adobe.com/support/security/bulletins/apsb08-18.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
GENTOO GLSA-200903-23
REDHAT RHSA-2008:0945
REDHAT RHSA-2008:0980
SUNALERT 248586
SUSE SUSE-SR:2008:025
SECUNIA 34226
VUPEN ADV-2008-2838
SECTRACK 1021061
SECUNIA 32270
SECUNIA 32448
SECUNIA 32759
SECUNIA 32702
SECUNIA 33390
XF adobe-flash-filereference-file-upload(45913)