Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6244

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6244
Last Modified 07 Mar 2011 10:02:15
Published 19 Dec 2007 08:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6244

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.

Vulnerable Systems

Application

  • Adobe Flash Player 8

  • Adobe Flash Player 9


References

CERT - TA07-355A

CERT-VN - VU#758769

VUPEN - ADV-2008-1724

VUPEN - ADV-2007-4258

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb07-20.html

XF - adobe-navigatetourl-xss(39131)

XF - adobe-asfunction-protocol-xss(39130)

BID - 26960

BID - 26949

BID - 26929

REDHAT - RHSA-2007:1126

GENTOO - GLSA-200801-07

SUNALERT - 238305

SECTRACK - 1019116

SECUNIA - 30507

SECUNIA - 28570

SECUNIA - 28213

SECUNIA - 28161

SECUNIA - 28157

SUSE - SUSE-SA:2007:069

MISC - http://crypto.stanford.edu/advisories/CVE-2007-6244/

Related Patches

Adobe APSB07-20 Flash Player 9.0.r115 for IE (Upgrade) (All Languages)

Adobe Contribute CS3 update FLVPlayer_Progressive.swf file for Mac

Adobe Dreamweaver CS3 update FLVPlayer_Streaming.swf file for Mac

Adobe Flash Player 9.0.115 for Mac OS X (PPC)

Adobe Flash Player 9.0.115 for Mac OS X (Universal)


Last Updated: 27 May 2016 10:46:26