CVE-2007-6243Permissive Cross-domain Security Policy with Untrusted Domains in Adobe Flash Player

CWE-264CWE-942Permissive Cross-domain Security Policy with Untrusted DomainsCWE-79Cross-site Scripting5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
38.9%
top 2.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Flash Player
Timeline
PublishedDec 20
Latest updateMay 1

Description

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/flash_player9.0.48.0

🔴Vulnerability Details

1
GHSA
GHSA-5jf8-m2pq-674g: Adobe Flash Player 92022-05-01

📋Vendor Advisories

1
Red Hat
Flash Player cross-domain and cross-site scripting flaws2007-12-05

📐Framework References

1
CWE
Permissive Cross-domain Security Policy with Untrusted Domains

💬Community

1
Bugzilla
CVE-2007-6243 Flash Player cross-domain and cross-site scripting flaws2008-04-04