FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

swfdec -- exposure of sensitive information

Affected packages
swfdec < 0.6.4

Details

VuXML ID 5ef12755-1c6c-11dd-851d-0016d325a0ed
Discovery 2008-04-09
Entry 2008-05-07

Secunia reports:

A vulnerability has been reported in swfdec, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to swfdec not properly restricting untrusted sandboxes from reading local files, which can be exploited to disclose the content of arbitrary local files by e.g. tricking a user into visiting a malicious website.

References

CVE Name CVE-2008-1834
URL http://secunia.com/advisories/29915