Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6062

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6062
Last Modified 05 Feb 2009 12:00:00
Published 04 Feb 2009 08:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6062

Summary

Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.

Vulnerable Systems

Application

  • Adobe Dreamweaver


References

CERT-VN - VU#249337

MISC - http://www.adobe.com/support/security/bulletins/apsb07-20.html

BUGTRAQ - 20080102 XSS Vulnerabilities in Common Shockwave Flash Files

MISC - http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw


Last Updated: 27 May 2016 10:49:02