CVE-2008-1834
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
16/04/2008
Last modified:
09/04/2025
Description
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:swfdec:swfdec:*:*:*:*:*:*:*:* | 0.6.2 (including) | |
| cpe:2.3:a:swfdec:swfdec:0.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.4.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.5.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.5.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.5.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.5.90:*:*:*:*:*:*:* | ||
| cpe:2.3:a:swfdec:swfdec:0.6.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://gitweb.freedesktop.org/?p=swfdec/swfdec.git%3Ba%3Dcommit%3Bh%3D326ee4ff631ecc11605f1251e1923a94561a3823
- http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html
- http://secunia.com/advisories/29915
- http://www.securityfocus.com/bid/28881
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41887
- http://gitweb.freedesktop.org/?p=swfdec/swfdec.git%3Ba%3Dcommit%3Bh%3D326ee4ff631ecc11605f1251e1923a94561a3823
- http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html
- http://secunia.com/advisories/29915
- http://www.securityfocus.com/bid/28881
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41887