PT-2007-7133 · Adobe+1 · Flash Player+1

Rich Cannings · Published 2007-12-20 · Updated 2018-10-30 · CVE-2007-6244

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Flash Player versions 8.0.0 through 8.0.35.0
Adobe Flash Player versions 9.0.0 through 9.0.48.0

Description

The issue allows remote attackers to inject arbitrary web script or HTML via a SWF file that uses the asfunction: protocol or the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.

Recommendations

For Adobe Flash Player versions 8.0.0 through 8.0.35.0, update to a version later than 8.0.35.0 to resolve the issue. For Adobe Flash Player versions 9.0.0 through 9.0.48.0, update to a version later than 9.0.48.0 to resolve the issue. As a temporary workaround, consider disabling the use of the asfunction: protocol and the navigateToURL function in the Flash Player ActiveX Control until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2007-6244
RHSA-2007:1126

Affected Products

Flash Player
Internet Explorer