Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 16 Apr 2008 11:09:02 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: CVE request: Swfdec <0.6.4 remote file disclosure

Name: CVE-2008-1834
Status: Candidate
Reference: MLIST:[Swfdec] 20080409 Swfdec 0.6.4 released
Reference: URL:
Reference: CONFIRM:;a=commit;h=326ee4ff631ecc11605f1251e1923a94561a3823

swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict
local file access from untrusted sandboxes, which allows remote
attackers to read arbitrary files via a crafted Flash file.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.