CVE-2007-6244
published 2007-12-20CVE-2007-6244: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
12.93%
95.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect XSS attempts via the asfunction: protocol in SWF file URL parameters (e.g., ?baseurl=asfunction:getURL,javascript:...) ↗
- →Monitor Flash Player ActiveX Control usage of the navigateToURL API for cross-domain JavaScript execution in Internet Explorer ↗
- →Flag HTTP requests to .swf files containing 'asfunction:' in query string parameters as potential XSS exploitation attempts ↗
- →Inspect SWF files for use of pre-generated or crafted SWF content related to Adobe Dreamweaver CS3 or Adobe Acrobat Connect as potential XSS vectors ↗
- ·Vulnerability affects Adobe Flash Player 9.x up to and including 9.0.48.0 and 8.x up to and including 8.0.35.0; versions outside this range are not affected by this CVE ↗
- ·The navigateToURL attack vector is specific to the Flash Player ActiveX Control running in Internet Explorer; other browsers are not affected by that particular vector ↗
- ·The asfunction: XSS vector for CVE-2007-6637 is already covered under CVE-2007-6244; avoid double-counting detections ↗
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m227-w3jm-cmgq: Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2008-6062 [MEDIUM] CWE-79 GHSA-m227-w3jm-cmgq: Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.
GHSA
GHSA-qqg7-345x-wv56: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-6637 [MEDIUM] CWE-79 GHSA-qqg7-345x-wv56: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
GHSA
GHSA-h436-f9vq-939v: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9
ghsa_unreviewed·2022-05-01
CVE-2007-6244 [MEDIUM] CWE-79 GHSA-h436-f9vq-939v: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
Red Hat
Flash Player content injection flaw
vendor_redhat·2008-01-03·CVSS 4.3
CVE-2007-6637 [MEDIUM] Flash Player content injection flaw
Flash Player content injection flaw
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
Red Hat
flash: XSS via asfunction protocol
vendor_redhat·2007-12-17·CVSS 4.3
CVE-2007-6244 [MEDIUM] CWE-79 flash: XSS via asfunction protocol
flash: XSS via asfunction protocol
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
No detection rules found.
Exploit-DB
Adobe Flash Player 8.0.34.0/9.0.x - 'main.swf?baseurl' asfunction: Protocol Handler Cross-Site Scripting
exploitdb·2007-12-18
CVE-2007-6244 Adobe Flash Player 8.0.34.0/9.0.x - 'main.swf?baseurl' asfunction: Protocol Handler Cross-Site Scripting
Adobe Flash Player 8.0.34.0/9.0.x - 'main.swf?baseurl' asfunction: Protocol Handler Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/26949/info
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/main.swf?baseurl=asfunction:getURL,javascript:alert(1)//
Exploit-DB
Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting
exploitdb·2007-12-18
CVE-2007-6244 Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting
Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting
---
source: https://www.securityfocus.com/bid/26960/info
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.
An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.
NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30907.as
http://crypto.stanford.edu/advisories/CVE-2007-6244/http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.htmlhttp://secunia.com/advisories/28157http://secunia.com/advisories/28161http://secunia.com/advisories/28213http://secunia.com/advisories/28570http://secunia.com/advisories/30507http://securitytracker.com/id?1019116http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1http://www.adobe.com/support/security/bulletins/apsb07-20.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200801-07.xmlhttp://www.kb.cert.org/vuls/id/758769http://www.redhat.com/support/errata/RHSA-2007-1126.htmlhttp://www.securityfocus.com/bid/26929http://www.securityfocus.com/bid/26949http://www.securityfocus.com/bid/26960http://www.us-cert.gov/cas/techalerts/TA07-355A.htmlhttp://www.vupen.com/english/advisories/2007/4258http://www.vupen.com/english/advisories/2008/1724/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/39130https://exchange.xforce.ibmcloud.com/vulnerabilities/39131https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210http://crypto.stanford.edu/advisories/CVE-2007-6244/http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.htmlhttp://secunia.com/advisories/28157http://secunia.com/advisories/28161http://secunia.com/advisories/28213http://secunia.com/advisories/28570http://secunia.com/advisories/30507http://securitytracker.com/id?1019116http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1http://www.adobe.com/support/security/bulletins/apsb07-20.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200801-07.xmlhttp://www.kb.cert.org/vuls/id/758769http://www.redhat.com/support/errata/RHSA-2007-1126.htmlhttp://www.securityfocus.com/bid/26929http://www.securityfocus.com/bid/26949http://www.securityfocus.com/bid/26960http://www.us-cert.gov/cas/techalerts/TA07-355A.htmlhttp://www.vupen.com/english/advisories/2007/4258http://www.vupen.com/english/advisories/2008/1724/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/39130https://exchange.xforce.ibmcloud.com/vulnerabilities/39131https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210
2007-12-20
Published