PT-2007-7133 · Adobe+1 · Flash Player+1
Rich Cannings
·
Publicado
2007-12-20
·
Atualizado
2018-10-30
·
CVE-2007-6244
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions 8.0.0 through 8.0.35.0
Adobe Flash Player versions 9.0.0 through 9.0.48.0
Description
The issue allows remote attackers to inject arbitrary web script or HTML via a SWF file that uses the
asfunction: protocol or the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.Recommendations
For Adobe Flash Player versions 8.0.0 through 8.0.35.0, update to a version later than 8.0.35.0 to resolve the issue.
For Adobe Flash Player versions 9.0.0 through 9.0.48.0, update to a version later than 9.0.48.0 to resolve the issue.
As a temporary workaround, consider disabling the use of the
asfunction: protocol and the navigateToURL function in the Flash Player ActiveX Control until a patch is available.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Flash Player
Internet Explorer