swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| swfdec | swfdec | 0.5.5 |
| swfdec | swfdec | 0.5.90 |
| swfdec | swfdec | 0.5.4 |
| swfdec | swfdec | 0.4.1 |
| swfdec | swfdec | 0.4.5 |
| swfdec | swfdec | 0.6.0 |
| swfdec | swfdec | 0.5.2 |
| swfdec | swfdec | 0.5.3 |
| swfdec | swfdec | 0.4.3 |
| swfdec | swfdec | 0.5.0 |
| swfdec | swfdec | 0.4.0 |
| swfdec | swfdec | 0.4.2 |
| swfdec | swfdec | 0.4.4 |
| swfdec | swfdec | * |
| swfdec | swfdec | 0.5.1 |