Vulnerability Name:

CVE-2003-1017 (CCN-14013)

Assigned:2003-12-16
Published:2003-12-16
Updated:2017-07-11
Summary:Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2003-1017

Source: CCN
Type: Macromedia Security Bulletin MPSB03-08
Update to Flash Player Addressing Local Shared Object Security

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html

Source: CCN
Type: Macromedia Web site
Macromedia Web Player Download Center

Source: CCN
Type: OSVDB ID: 3057
Macromedia Flash Player Predictable Data Location Weakness

Source: BID
Type: Exploit, Patch, Vendor Advisory
8900

Source: CCN
Type: BID-8900
Macromedia Flash Player Flash Cookie Predictable File Location Weakness

Source: XF
Type: UNKNOWN
flash-file-predictable-location(14013)

Source: XF
Type: UNKNOWN
flash-file-predictable-location(14013)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:macromedia:director:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:macromedia:flash_player:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:director:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    macromedia director 5.0
    macromedia flash player 4.0_r12
    macromedia flash player 5.0
    macromedia flash player 5.0_r50
    macromedia flash player 6.0
    macromedia flash player 6.0.29.0
    macromedia flash player 6.0.40.0
    macromedia flash player 6.0.47.0
    macromedia flash player 6.0.65.0
    macromedia flash player 6.0.79.0
    macromedia flash player 5.0
    macromedia flash player 6.0
    macromedia director 5.0
    macromedia flash player 4.0_r12
    macromedia flash player 5.0_r50
    macromedia flash player 6.0.29.0
    macromedia flash player 6.0.40.0
    macromedia flash player 6.0.47.0
    macromedia flash player 6.0.65.0
    macromedia flash player 6.0.79.0