PT-2008-5644 · Adobe · Flash Player

Published: 2008-10-17 · Updated: 2018-10-30 · CVE-2008-4401

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 9.0.124.0 and earlier
Description: ActionScript in Adobe Flash Player does not require user interaction for certain operations in the FileReference upload and download APIs. This allows remote attackers to create a browse dialog box via an SWF file, and possibly to have other unspecified impact. The affected operations are FileReference.browse in the FileReference upload API and FileReference.download in the FileReference download API.
Recommendations: For Adobe Flash Player versions 9.0.124.0 and earlier, consider disabling the FileReference upload and download APIs until a patch is available. Restrict access to SWF files to minimize the risk of exploitation. Avoid using the FileReference.browse and FileReference.download operations in the affected APIs until the issue is resolved.


Related Identifiers

CVE-2008-4401
RHSA-2008:0945
RHSA-2008:0980

Affected Products

Flash Player