CVE-2008-4401

N/A Unknown

Published: October 17, 2008 Modified: April 23, 2026

Description

ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

Source: cve@mitre.org

http://secunia.com/advisories/32270

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/32448

Source: cve@mitre.org

http://secunia.com/advisories/32702

Source: cve@mitre.org

http://secunia.com/advisories/32759

Source: cve@mitre.org

http://secunia.com/advisories/33390

Source: cve@mitre.org

http://secunia.com/advisories/34226

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200903-23.xml

Source: cve@mitre.org

http://securitytracker.com/id?1021061

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

Source: cve@mitre.org

http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html

Source: cve@mitre.org

http://www.adobe.com/support/security/bulletins/apsb08-18.html

Source: cve@mitre.org

Patch Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0945.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0980.html

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2838

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45913

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32270

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://secunia.com/advisories/32448

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32702

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32759

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33390

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34226

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200903-23.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1021061

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.adobe.com/support/security/bulletins/apsb08-18.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0945.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2008-0980.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2838

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/45913

Source: af854a3a-2127-422b-91ae-364da2661108

36 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

8.7%

92th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

adobe

Related CVEs

CVE-2026-41279 N/A

CVE-2026-41278 N/A

CVE-2026-41277 N/A

CVE-2026-41276 N/A

CVE-2026-41275 N/A