// For flags

CVE-2007-6243

Flash Player cross-domain and cross-site scripting flaws

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0 no restringe suficientemente la interpretación y uso de los ficheros de políticas de cruce de dominios, lo cual facilita a atacantes remotos llevar a cabo ataques de salto de dominio y de secuencias de comandos en sitios cruzados (XSS).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-12-05 CVE Reserved
  • 2007-12-20 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-01-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (43)
URL Tag Source
http://jvn.jp/jp/JVN%2345675516/index.html Third Party Advisory
http://secunia.com/advisories/28161 Third Party Advisory
http://secunia.com/advisories/28570 Third Party Advisory
http://securitytracker.com/id?1019116 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm X_refsource_confirm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid= X_refsource_confirm
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html X_refsource_misc
http://www.adobe.com/support/security/bulletins/apsb08-11.html X_refsource_confirm
http://www.kb.cert.org/vuls/id/935737 Third Party Advisory
http://www.securityfocus.com/bid/26929 Vdb Entry
http://www.securityfocus.com/bid/26966 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA07-355A.html Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-100A.html Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html Third Party Advisory
http://www.vupen.com/english/advisories/2007/4258 Vdb Entry
http://www.vupen.com/english/advisories/2008/1697 Vdb Entry
http://www.vupen.com/english/advisories/2008/1724/references Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39129 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html 2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html 2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html 2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html 2017-09-29
http://secunia.com/advisories/28213 2017-09-29
http://secunia.com/advisories/29763 2017-09-29
http://secunia.com/advisories/29865 2017-09-29
http://secunia.com/advisories/30430 2017-09-29
http://secunia.com/advisories/30507 2017-09-29
http://secunia.com/advisories/32448 2017-09-29
http://secunia.com/advisories/32702 2017-09-29
http://secunia.com/advisories/32759 2017-09-29
http://secunia.com/advisories/33390 2017-09-29
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 2017-09-29
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 2017-09-29
http://www.adobe.com/support/security/bulletins/apsb07-20.html 2017-09-29
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml 2017-09-29
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml 2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0221.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0945.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0980.html 2017-09-29
https://access.redhat.com/security/cve/CVE-2007-6243 2008-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=440664 2008-11-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
 Flash Player
Search vendor "Adobe" for product "Flash Player"
 <= 9.0.48.0
Search vendor "Adobe" for product "Flash Player" and version " <= 9.0.48.0"
-
Affected