{"api_version":"1","generated_at":"2026-04-23T09:50:58+00:00","cve":"CVE-2003-1017","urls":{"html":"https://cve.report/CVE-2003-1017","api":"https://cve.report/api/cve/CVE-2003-1017.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2003-1017","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2003-1017"},"summary":{"title":"CVE-2003-1017","description":"Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-01-05 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html","name":"http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Macromedia - MPSB03-08 Update to Flash Player Addressing Local Shared Object Security","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/8900","name":"http://www.securityfocus.com/bid/8900","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"Macromedia Flash Player Flash Cookie Predictable File Location Weakness","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14013","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14013","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2003-1017","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2003-1017","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"director","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"flash_player","cpe6":"4.0_r12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"flash_player","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"flash_player","cpe6":"5.0_r50","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"flash_player","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"flash_player","cpe6":"6.0.29.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"flash_player","cpe6":"6.0.40.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"flash_player","cpe6":"6.0.47.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"flash_player","cpe6":"6.0.65.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1017","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"macromedia","cpe5":"flash_player","cpe6":"6.0.79.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T02:12:35.392Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html"},{"name":"flash-file-predictable-location(14013)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14013"},{"name":"8900","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/8900"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2003-12-16T00:00:00.000Z","descriptions":[{"lang":"en","value":"Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html"},{"name":"flash-file-predictable-location(14013)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14013"},{"name":"8900","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/8900"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2003-1017","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html","refsource":"CONFIRM","url":"http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html"},{"name":"flash-file-predictable-location(14013)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14013"},{"name":"8900","refsource":"BID","url":"http://www.securityfocus.com/bid/8900"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2003-1017","datePublished":"2003-12-17T05:00:00.000Z","dateReserved":"2003-12-17T00:00:00.000Z","dateUpdated":"2024-08-08T02:12:35.392Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-01-05 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:director:5.0:*:*:*:*:*:*:*","matchCriteriaId":"48F00DBC-26E9-4148-BB18-179310CA5F38"},{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*","matchCriteriaId":"BAB0102B-7F42-40EA-AD40-B67C6942F860"},{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*","matchCriteriaId":"EF005FC1-50A0-4233-A500-1E677EACDBE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*","matchCriteriaId":"6BB0BE19-EB29-4DEB-883C-89CB2023E54B"},{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:flash_player:6.0:*:*:*:*:*:*:*","matchCriteriaId":"4F8A8FD0-F9C9-4125-B682-A7F2B73D9BA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*","matchCriteriaId":"4B2A9976-1883-4D49-A512-C66FF12FDDCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*","matchCriteriaId":"C20DFF23-6215-4860-B091-ECC1C1C08DA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*","matchCriteriaId":"8E1B943A-38AD-4472-B143-B66567EBC9E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*","matchCriteriaId":"141B7F64-5EDD-450D-A244-124366AD5800"},{"vulnerable":true,"criteria":"cpe:2.3:a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*","matchCriteriaId":"F44A2955-F536-4EA5-8D1E-94D35EE10B88"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2003","CveId":"1017","Ordinal":"1","Title":"CVE-2003-1017","CVE":"CVE-2003-1017","Year":"2003"},"notes":[{"CveYear":"2003","CveId":"1017","Ordinal":"1","NoteData":"Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.","Type":"Description","Title":"CVE-2003-1017"},{"CveYear":"2003","CveId":"1017","Ordinal":"2","NoteData":"2003-12-17","Type":"Other","Title":"Published"},{"CveYear":"2003","CveId":"1017","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}