CVE-2002-1467

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).

Macromedia Flash Plugin anteriores a 6.0.47 permite a atacantes remotos saltarse las restricciones de mismo dominio y leer ficheros arbitrarios mediante Una redirección HTTP Una base "file://" en un documento web una URL relativa de una archivo web (fichero.mht)

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2003-02-05 CVE Reserved
2003-03-18 CVE Published
2024-08-08 CVE Updated
2024-08-08 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (6)

URL	Tag	Source
http://www.macromedia.com/v1/handlers/index.cfm?ID=23294	X_refsource_confirm

URL	Date	SRC
http://online.securityfocus.com/archive/1/286625	2024-08-08

URL	Date	SRC
http://www.iss.net/security_center/static/9797.php	2008-09-05
http://www.securityfocus.com/bid/5429	2008-09-05

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2002-1467	2003-07-09
https://bugzilla.redhat.com/show_bug.cgi?id=1616916	2003-07-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Macromedia Search vendor "Macromedia"		Flash Player Search vendor "Macromedia" for product "Flash Player"				6.0 Search vendor "Macromedia" for product "Flash Player" and version "6.0"		-		Affected
Macromedia Search vendor "Macromedia"		Flash Player Search vendor "Macromedia" for product "Flash Player"				6.0.29.0 Search vendor "Macromedia" for product "Flash Player" and version "6.0.29.0"		-		Affected
Macromedia Search vendor "Macromedia"		Flash Player Search vendor "Macromedia" for product "Flash Player"				6.0.40.0 Search vendor "Macromedia" for product "Flash Player" and version "6.0.40.0"		-		Affected
Macromedia Search vendor "Macromedia"		Shockwave Search vendor "Macromedia" for product "Shockwave"				8.0 Search vendor "Macromedia" for product "Shockwave" and version "8.0"		-		Affected