Flash Player < Predictable Data Location Weakness

Medium Nessus Plugin ID 11952


The remote host contains an application that is affected by a remote file disclosure vulnerability.


The remote host is running a version of Flash Player older than

Such versions can be abused in conjunction with several flaws in the web browser to read local files on an affected system.

To exploit this issue, an attacker would need to lure a user of the software into visiting a rogue website containing a malicious Flash applet.


Upgrade to version or newer.

See Also


Plugin Details

Severity: Medium

ID: 11952

File Name: flash_player_local_files.nasl

Version: $Revision: 1.17 $

Type: local

Agent: windows

Family: Windows

Published: 2003/12/17

Modified: 2011/04/13

Dependencies: 28211

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Required KB Items: SMB/Flash_Player/installed

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/12/17

Reference Information

CVE: CVE-2003-1017

BID: 8900

OSVDB: 3057