Back to search
CVE-2008-4401
Published: Oct 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
33390
third-party-advisory
x_refsource_SECUNIA
http://www.adobe.com/support/security/bulletins/apsb08-18.html
x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
x_refsource_CONFIRM
32270
third-party-advisory
x_refsource_SECUNIA
32702
third-party-advisory
x_refsource_SECUNIA
34226
third-party-advisory
x_refsource_SECUNIA
ADV-2008-2838
vdb-entry
x_refsource_VUPEN
1021061
vdb-entry
x_refsource_SECTRACK
GLSA-200903-23
vendor-advisory
x_refsource_GENTOO
32759
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0945
vendor-advisory
x_refsource_REDHAT
RHSA-2008:0980
vendor-advisory
x_refsource_REDHAT
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
x_refsource_CONFIRM
248586
vendor-advisory
x_refsource_SUNALERT
32448
third-party-advisory
x_refsource_SECUNIA
adobe-flash-filereference-file-upload(45913)
vdb-entry
x_refsource_XF
SUSE-SR:2008:025
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now