// For flags

CVE-2007-6244

Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.

Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Adobe Flash Player 9.x hasta la 9.0.48.0 y 8.x hasta la 8.0.35.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un (1) archivo SWF que utiliza la función as: protocol o (2) la función navigateToURL cuando se utiliza con el Control ActiveX Flash Player en Internet Explorer.

Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user's system via a malicious Flash file. Versions less than 9.0.115.0 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-12-05 CVE Reserved
  • 2007-12-20 CVE Published
  • 2014-01-14 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-05-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (26)
URL Tag Source
http://crypto.stanford.edu/advisories/CVE-2007-6244 X_refsource_misc
http://secunia.com/advisories/28157 Third Party Advisory
http://secunia.com/advisories/28161 Third Party Advisory
http://secunia.com/advisories/28213 Third Party Advisory
http://secunia.com/advisories/28570 Third Party Advisory
http://secunia.com/advisories/30507 Third Party Advisory
http://securitytracker.com/id?1019116 Vdb Entry
http://www.adobe.com/support/security/bulletins/apsb07-20.html X_refsource_confirm
http://www.kb.cert.org/vuls/id/758769 Third Party Advisory
http://www.securityfocus.com/bid/26929 Vdb Entry
http://www.securityfocus.com/bid/26949 Vdb Entry
http://www.securityfocus.com/bid/26960 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA07-355A.html Third Party Advisory
http://www.vupen.com/english/advisories/2007/4258 Vdb Entry
http://www.vupen.com/english/advisories/2008/1724/references Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39130 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39131 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210 Signature
URL Date SRC
https://www.exploit-db.com/exploits/30907 2014-01-20
https://www.exploit-db.com/exploits/30905 2014-01-14
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html 2018-10-30
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 2018-10-30
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-1126.html 2018-10-30
https://access.redhat.com/security/cve/CVE-2007-6244 2007-12-18
https://bugzilla.redhat.com/show_bug.cgi?id=414501 2007-12-18
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
 Flash Player
Search vendor "Adobe" for product "Flash Player"
 8.0
Search vendor "Adobe" for product "Flash Player" and version "8.0"
-
Affected
Adobe
Search vendor "Adobe"
 Flash Player
Search vendor "Adobe" for product "Flash Player"
 9.0
Search vendor "Adobe" for product "Flash Player" and version "9.0"
-
Affected