header-logo
Suggest Exploit
vendor:
Flash Player
by:
Unknown
7.5
CVSS
HIGH
Cross-Domain Scripting
79
CWE
Product Name: Flash Player
Affected Version From: 9.0.48.0
Affected Version To: 8.0.35.0
Patch Exists: YES
Related CWE: CVE-2007-0071
CPE: a:adobe:flash_player:9.0.48.0
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0221/https://www.rapid7.com/db/vulnerabilities/freebsd-vid-04c6187d-2d8f-11dd-98c9-00163e000016/https://www.rapid7.com/db/vulnerabilities/apple-osx-flashplayerplugin-cve-2007-0071/https://www.rapid7.com/db/vulnerabilities/suse-cve-2007-0071/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2007-0071/
Other Scripts:
Platforms Tested: Windows, Linux, Mac
2007

Cross-Domain Scripting Vulnerability in Adobe Flash Player ActiveX control

The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability. An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

Mitigation:

Upgrade to a version of Adobe Flash Player that is not affected by this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26960/info

The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30907.as

Navigation

Suggest Exploit

Services By CQR