Date: Wed, 16 Apr 2008 11:09:02 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: Swfdec <0.6.4 remote file disclosure ====================================================== Name: CVE-2008-1834 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1834 Reference: MLIST:[Swfdec] 20080409 Swfdec 0.6.4 released Reference: URL:http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html Reference: CONFIRM:http://gitweb.freedesktop.org/?p=swfdec/swfdec.git;a=commit;h=326ee4ff631ecc11605f1251e1923a94561a3823 swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.