CVE-2008-4401
First published: Fri Oct 17 2008(Updated: )
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Flash Player for Internet Explorer 11 | <=9.0.124.0 | |
| Adobe Flash Player for Internet Explorer 11 | =7.0 | |
| Adobe Flash Player for Internet Explorer 11 | =7.0.1 | |
| Adobe Flash Player for Internet Explorer 11 | =7.0.25 | |
| Adobe Flash Player for Internet Explorer 11 | =7.0.63 | |
| Adobe Flash Player for Internet Explorer 11 | =7.0.69.0 | |
| Adobe Flash Player for Internet Explorer 11 | =7.0.70.0 | |
| Adobe Flash Player for Internet Explorer 11 | =7.0_r67 | |
| Adobe Flash Player for Internet Explorer 11 | =7.1 | |
| Adobe Flash Player for Internet Explorer 11 | =7.1.1 | |
| Adobe Flash Player for Internet Explorer 11 | =7.2 | |
| Adobe Flash Player for Internet Explorer 11 | =8.0 | |
| Adobe Flash Player for Internet Explorer 11 | =8.0.24.0 | |
| Adobe Flash Player for Internet Explorer 11 | =8.0.34.0 | |
| Adobe Flash Player for Internet Explorer 11 | =8.0.35.0 | |
| Adobe Flash Player for Internet Explorer 11 | =8.0.39.0 | |
| Adobe Flash Player for Internet Explorer 11 | =9.0 | |
| Adobe Flash Player for Internet Explorer 11 | =9.0.112.0 | |
| Adobe Flash Player for Internet Explorer 11 | =9.0.114.0 | |
| Adobe Flash Player for Internet Explorer 11 | =9.0.115.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://secunia.com/advisories/32270
- http://secunia.com/advisories/32448
- http://secunia.com/advisories/32702
- http://secunia.com/advisories/32759
- http://secunia.com/advisories/33390
- http://secunia.com/advisories/34226
- http://security.gentoo.org/glsa/glsa-200903-23.xml
- http://securitytracker.com/id?1021061
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
- http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
- http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
- http://www.adobe.com/support/security/bulletins/apsb08-18.html
- http://www.redhat.com/support/errata/RHSA-2008-0945.html
- http://www.redhat.com/support/errata/RHSA-2008-0980.html
- http://www.vupen.com/english/advisories/2008/2838
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45913
Frequently Asked Questions
What is the severity of CVE-2008-4401?
CVE-2008-4401 is considered a critical vulnerability due to its potential to allow unauthorized remote file uploads and downloads.
How do I fix CVE-2008-4401?
To fix CVE-2008-4401, you should upgrade Adobe Flash Player to version 9.0.124.1 or later.
What versions of Adobe Flash Player are affected by CVE-2008-4401?
CVE-2008-4401 affects Adobe Flash Player versions 9.0.124.0 and earlier, as well as several earlier versions including 7.x and 8.x.
What are the risks of CVE-2008-4401?
The risks of CVE-2008-4401 include potential exploitation by attackers to perform unauthorized actions like file uploads and downloads without user consent.
Is CVE-2008-4401 relevant for modern systems?
CVE-2008-4401 is less relevant for modern systems as Adobe Flash Player has been officially discontinued and is not supported in current browsers.
- agent/type
- agent/references
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/adobe
- canonical/adobe flash player for internet explorer 11
- version/adobe flash player for internet explorer 11/9.0.124.0
- version/adobe flash player for internet explorer 11/7.0
- version/adobe flash player for internet explorer 11/7.0.1
- version/adobe flash player for internet explorer 11/7.0.25
- version/adobe flash player for internet explorer 11/7.0.63
- version/adobe flash player for internet explorer 11/7.0.69.0
- version/adobe flash player for internet explorer 11/7.0.70.0
- version/adobe flash player for internet explorer 11/7.0_r67
- version/adobe flash player for internet explorer 11/7.1
- version/adobe flash player for internet explorer 11/7.1.1
- version/adobe flash player for internet explorer 11/7.2
- version/adobe flash player for internet explorer 11/8.0
- version/adobe flash player for internet explorer 11/8.0.24.0
- version/adobe flash player for internet explorer 11/8.0.34.0
- version/adobe flash player for internet explorer 11/8.0.35.0
- version/adobe flash player for internet explorer 11/8.0.39.0
- version/adobe flash player for internet explorer 11/9.0
- version/adobe flash player for internet explorer 11/9.0.112.0
- version/adobe flash player for internet explorer 11/9.0.114.0
- version/adobe flash player for internet explorer 11/9.0.115.0