Vulnerability Details : CVE-2008-4401
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
Products affected by CVE-2008-4401
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0_r67:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4401
3.55%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-4401
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-4401
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4401
-
http://securitytracker.com/id?1021061
-
http://www.redhat.com/support/errata/RHSA-2008-0980.html
-
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
-
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2008:025 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
-
http://security.gentoo.org/glsa/glsa-200903-23.xml
Adobe Flash Player: Multiple vulnerabilities (GLSA 200903-23) — Gentoo security
-
http://www.vupen.com/english/advisories/2008/2838
-
http://www.redhat.com/support/errata/RHSA-2008-0945.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45913
-
http://www.adobe.com/support/security/bulletins/apsb08-18.html
Patch;Vendor Advisory
-
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
Jump to