| CVE ID | CVE-2007-6637 |
| CVSS SCORE | |
| AFFECTED VENDORS |
Adobe |
| AFFECTED PRODUCTS |
Flash Player |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to inject scripts across domains through vulnerable versions of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of scripts injected via Flash's redirect methods over both the data: and javascript: protocol handlers. Both cases result in the browser incorrectly executing the script code under the context of the redirecting hostname. The flashContentURL parameter to flash_detection.swf is a popular and widespread example of a vulnerable SWF file which can be abused. |
| ADDITIONAL DETAILS |
Adobe has issued an update to correct this vulnerability. More details can be found at:
http://www.adobe.com/support/security/bulletins/apsb08-11.html |
| DISCLOSURE TIMELINE |
|
| CREDIT | Anonymous |
