Vulnerability Description
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
CVSS Score
10.0 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | <= 9.0.124.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://secunia.com/advisories/32270 (Patch, Vendor Advisory)
- http://secunia.com/advisories/32448
- http://secunia.com/advisories/32702
- http://secunia.com/advisories/32759
- http://secunia.com/advisories/33390
- http://secunia.com/advisories/34226
- http://security.gentoo.org/glsa/glsa-200903-23.xml
- http://securitytracker.com/id?1021061
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
- http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
- http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
- http://www.adobe.com/support/security/bulletins/apsb08-18.html (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0945.html
FAQ
What is CVE-2008-4401?
CVE-2008-4401 is a vulnerability with a CVSS score of 10.0 (HIGH). ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileRef...
How severe is CVE-2008-4401?
CVE-2008-4401 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-4401?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player.