CVE-2008-4401 — Adobe Flash Player vulnerability

CWE-2644 documents4 sources

Severity

10.0CRITICALNVD

EPSS

8.7%

top 7.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedOct 17

Latest updateMay 2

Description

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/flash_player9.0.124.0+19

Patches

Patch: secunia.com ↗Patch: www.adobe.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-x362-hgrj-5pw9: ActionScript in Adobe Flash Player 9↗2022-05-02

▶

📋Vendor Advisories

Red Hat

flash-plugin: upload/download user interaction↗2008-10-15

▶

💬Community

Bugzilla

CVE-2008-4401 flash-plugin: upload/download user interaction↗2008-10-08

▶