Vulnerability Description
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | <= 9.0.48.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/jp/JVN%2345675516/index.html
- http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://secunia.com/advisories/28161
- http://secunia.com/advisories/28213Vendor Advisory
- http://secunia.com/advisories/28570
- http://secunia.com/advisories/29763Vendor Advisory
- http://secunia.com/advisories/29865Vendor Advisory
- http://secunia.com/advisories/30430Vendor Advisory
- http://secunia.com/advisories/30507Vendor Advisory
- http://secunia.com/advisories/32448Vendor Advisory
- http://secunia.com/advisories/32702Vendor Advisory
- http://secunia.com/advisories/32759Vendor Advisory
FAQ
What is CVE-2007-6243?
CVE-2007-6243 is a vulnerability with a CVSS score of 9.3 (HIGH). Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for re...
How severe is CVE-2007-6243?
CVE-2007-6243 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6243?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player.