CVE-2007-6243

Severity

93%

Complexity

86%

Confidentiality

165%

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 17 years ago

2007-12-20 01:46:00

Last updated 7 years ago

2017-09-29 01:29:00

Affected Software

アドビシステムズ フラッシュプレーヤー

References

JVN#45675516

APPLE-SA-2008-05-28

SUSE-SA:2007:069

SUSE-SA:2008:022

SUSE-SR:2008:025

28161

28213

Vendor Advisory

28570

29763

Vendor Advisory

29865

Vendor Advisory

30430

Vendor Advisory

30507

Vendor Advisory

32448

Vendor Advisory

32702

Vendor Advisory

32759

Vendor Advisory

33390

Vendor Advisory

1019116

238305

248586

http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm

http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=

http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html

http://www.adobe.com/support/security/bulletins/apsb07-20.html

Vendor Advisory

http://www.adobe.com/support/security/bulletins/apsb08-11.html

GLSA-200801-07

GLSA-200804-21

VU#935737

US Government Resource

RHSA-2008:0221

RHSA-2008:0945

RHSA-2008:0980

26929

26966

TA07-355A

US Government Resource

TA08-100A

US Government Resource

TA08-150A

US Government Resource

ADV-2007-4258

ADV-2008-1697

ADV-2008-1724

adobe-unspecified-security-bypass(39129)

oval:org.mitre.oval:def:11069

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.