| Revision Date: | 2015-08-03 | Version: | 40 |
| Title: | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. |
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2007-6244
|
| Platform(s): | Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | Adobe Flash Player
|
| Definition Synopsis |
| Adobe Flash Player section Adobe Flash Player 9 is installed
AND Adobe Flash Player version is less than or equal 9.0.48.0
OR Flash.ocx section
ActiveX Control is installed
AND Determine if the version of Flash.ocx is less than or equal 9.0.48.0
AND Determine if the version of Flash.ocx is greater than or equal 9.0
|