Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1017 — Director vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

11.3%

top 6.44%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Macromedia Director Macromedia Flash Player

Timeline

PublishedJan 5

Latest updateApr 29

Description

Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmacromedia/flash_player9 versions+8

▶NVDmacromedia/director5.0

Patches

Patch: www.macromedia.com ↗Patch: www.securityfocus.com ↗Patch: www.macromedia.com ↗

🔴Vulnerability Details

GHSA

GHSA-mgw8-f263-mhhf: Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explore↗2022-04-29

▶

CVEList

CVE-2003-1017: Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explore↗2003-12-17

▶

💥Exploits & PoCs

Exploit-DB

Macromedia Flash Player 6.0.x - Flash Cookie Predictable File Location↗2003-10-24

▶