CVE-2007-6242 — Improper Input Validation in Adobe Flash Player

CWE-20 — Improper Input Validation CWE-79 — Cross-site Scripting6 documents4 sources

Severity

6.8MEDIUMNVD

NVD4.3

EPSS

45.8%

top 2.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedDec 20

Latest updateMay 14

Description

Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDadobe/flash_player9.0.16.0 — 9.0.48.0

🔴Vulnerability Details

GHSA

GHSA-m227-w3jm-cmgq: Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash↗2022-05-14

▶

GHSA

GHSA-9www-c4ch-pp3w: Unspecified vulnerability in Adobe Flash Player 9↗2022-05-01

▶

📋Vendor Advisories

Red Hat

flash: abitrary code execution↗2007-12-17

▶

💬Community

Bugzilla

CVE-2007-6242 flash: abitrary code execution↗2007-12-05

▶