Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6244: Cross-site Scripting in Adobe Flash Player

CWE-79: Cross-site Scripting | 11 documents | 5 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 69.1% (top 1.36%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Dec 20
Latest update: May 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: adobe/flash_player, 19 versions (+18)

🔴 Vulnerability Details (3)

GHSA, 2022-05-14
GHSA-m227-w3jm-cmgq: Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash
GHSA, 2022-05-01
GHSA-qqg7-345x-wv56: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted
GHSA, 2022-05-01
GHSA-h436-f9vq-939v: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9

💥 Exploits & PoCs (2)

Exploit-DB, 2007-12-18
Adobe Flash Player 8.0.34.0/9.0.x - 'main.swf?baseurl' asfunction: Protocol Handler Cross-Site Scripting
Exploit-DB, 2007-12-18
Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting

📋 Vendor Advisories (2)

Red Hat, 2008-01-03
Flash Player content injection flaw
Red Hat, 2007-12-17
flash: XSS via asfunction protocol

💬 Community (1)

Bugzilla, 2007-12-06
CVE-2007-6244 flash: XSS via asfunction protocol