CVE-2008-1834

swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.

Link	Resource
http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html	Patch
http://gitweb.freedesktop.org/?p=swfdec/swfdec.git;a=commit;h=326ee4ff631ecc11605f1251e1923a94561a3823
http://www.securityfocus.com/bid/28881
http://secunia.com/advisories/29915	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41887

Configuration 1

cpe:2.3:a:swfdec:swfdec:0.4.2:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.5.4:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:*:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.5.2:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.6.0:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.5.5:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.4.4:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.4.1:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.4.5:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.5.1:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.4.3:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.4.0:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.5.3:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.5.90:*:*:*:*:*:*:* cpe:2.3:a:swfdec:swfdec:0.5.0:*:*:*:*:*:*:*

---

Published : 2008-04-16 04:05

Updated : 2017-08-08 01:30

---

NVD link : CVE-2008-1834

Mitre link : CVE-2008-1834

No products.

CWE-264