CVE-2008-1834

swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://gitweb.freedesktop.org/?p=swfdec/swfdec.git%3Ba=commit%3Bh=326ee4ff631ecc11605f1251e1923a94561a3823
http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html	Patch
http://secunia.com/advisories/29915	Vendor Advisory
http://www.securityfocus.com/bid/28881
https://exchange.xforce.ibmcloud.com/vulnerabilities/41887
http://gitweb.freedesktop.org/?p=swfdec/swfdec.git%3Ba=commit%3Bh=326ee4ff631ecc11605f1251e1923a94561a3823
http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html	Patch
http://secunia.com/advisories/29915	Vendor Advisory
http://www.securityfocus.com/bid/28881
https://exchange.xforce.ibmcloud.com/vulnerabilities/41887

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:swfdec:swfdec::::::::
	cpe:2.3:a:swfdec:swfdec:0.4.0:::::::*
	cpe:2.3:a:swfdec:swfdec:0.4.1:::::::*
	cpe:2.3:a:swfdec:swfdec:0.4.2:::::::*
	cpe:2.3:a:swfdec:swfdec:0.4.3:::::::*
	cpe:2.3:a:swfdec:swfdec:0.4.4:::::::*
	cpe:2.3:a:swfdec:swfdec:0.4.5:::::::*
	cpe:2.3:a:swfdec:swfdec:0.5.0:::::::*
	cpe:2.3:a:swfdec:swfdec:0.5.1:::::::*
	cpe:2.3:a:swfdec:swfdec:0.5.2:::::::*
	cpe:2.3:a:swfdec:swfdec:0.5.3:::::::*
	cpe:2.3:a:swfdec:swfdec:0.5.4:::::::*
	cpe:2.3:a:swfdec:swfdec:0.5.5:::::::*
	cpe:2.3:a:swfdec:swfdec:0.5.90:::::::*
	cpe:2.3:a:swfdec:swfdec:0.6.0:::::::*

History

21 Nov 2024, 00:45

Type	Values Removed	Values Added
References	~~() http://gitweb.freedesktop.org/?p=swfdec/swfdec.git%3Ba=commit%3Bh=326ee4ff631ecc11605f1251e1923a94561a3823 -~~	() http://gitweb.freedesktop.org/?p=swfdec/swfdec.git%3Ba=commit%3Bh=326ee4ff631ecc11605f1251e1923a94561a3823 -
References	~~() http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html - Patch~~	() http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html - Patch
References	~~() http://secunia.com/advisories/29915 - Vendor Advisory~~	() http://secunia.com/advisories/29915 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/28881 -~~	() http://www.securityfocus.com/bid/28881 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/41887 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/41887 -

Information

Published : 2008-04-16 16:05

Updated : 2025-04-09 00:30

NVD link : CVE-2008-1834

Mitre link : CVE-2008-1834

CVE.ORG link : CVE-2008-1834

JSON object : View

Products Affected

swfdec

swfdec

CWE

CWE-264

Permissions, Privileges, and Access Controls

4.3 /10