CVE-2007-3640

Name of the Vulnerable Software and Affected Versions Adobe Integrated Runtime (AIR, aka Apollo) (affected versions not specified)

Description The issue allows context-dependent attackers to modify arbitrary files within an executing .air file and perform cross-site scripting (XSS) attacks. This can be achieved by using JavaScript to modify an HTML file inside the application via an APPEND open operation and the writeUTFBytes function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.