CVE-2002-1467 — Improper Input Validation in Flash Player

CWE-20 — Improper Input Validation10 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 22.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Shockwave Player Macromedia Flash Player Macromedia Shockwave

Timeline

PublishedApr 22

Latest updateMay 1

Description

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmacromedia/flash_player6.0, 6.0.29.0, 6.0.40.0+2

▶NVDmacromedia/shockwave8.0

▶NVDadobe/shockwave_player9

Patches

Patch: online.securityfocus.com ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-pwqr-x6x9-wjxj: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF↗2022-05-01

▶

GHSA

GHSA-r825-m227-647m: Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirec↗2022-04-30

▶

CVEList

CVE-2007-5275: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF↗2007-10-08

▶

CVEList

CVE-2002-1467: Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirec↗2003-03-18

▶

📋Vendor Advisories

Red Hat

Flash plugin DNS rebinding↗2007-10-08

▶

Red Hat

security flaw↗2002-08-08

▶

💬Community

Bugzilla

CVE-2002-1467 security flaw↗2018-08-16

▶

Bugzilla

CVE-2007-5275 Flash plugin DNS rebinding↗2007-11-05

▶