PT-2007-7132 · Adobe · Flash Player

Toshiharu Sugiyama

Published

2007-12-20

Updated

2017-09-29

CVE-2007-6243

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 7.0.0 through 7.0.70.0 Adobe Flash Player versions 8.0.0 through 8.0.35.0 Adobe Flash Player versions 9.0.0 through 9.0.48.0

Description The issue makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks due to insufficient restriction of the interpretation and usage of cross-domain policy files.

Recommendations For Adobe Flash Player versions 7.0.0 through 7.0.70.0, update to a version later than 7.0.70.0. For Adobe Flash Player versions 8.0.0 through 8.0.35.0, update to a version later than 8.0.35.0. For Adobe Flash Player versions 9.0.0 through 9.0.48.0, update to a version later than 9.0.48.0.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2007-6243

RHSA-2007:1126

RHSA-2008:0221

RHSA-2008:0945

RHSA-2008:0980

Affected Products

Flash Player

PT-2007-7132 · Adobe · Flash Player

CVE-2007-6243

Weakness Enumeration

Related Identifiers

Affected Products

References · 43