swfdec -- exposure of sensitive information

ID 5EF12755-1C6C-11DD-851D-0016D325A0ED
Type freebsd
Reporter FreeBSD
Modified 2008-04-09T00:00:00


Secunia reports:

A vulnerability has been reported in swfdec, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to swfdec not properly restricting untrusted sandboxes from reading local files, which can be exploited to disclose the content of arbitrary local files by e.g. tricking a user into visiting a malicious website.