Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.
References
Link | Resource |
---|---|
http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw | |
http://www.adobe.com/support/security/bulletins/apsb07-20.html | Patch Vendor Advisory |
http://www.kb.cert.org/vuls/id/249337 | US Government Resource |
http://www.securityfocus.com/archive/1/485722/100/100/threaded |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-02-05T01:00:00
Updated: 2018-10-11T19:57:01
Reserved: 2009-02-04T00:00:00
Link: CVE-2008-6062
JSON object: View
NVD Information
Status : Modified
Published: 2009-02-05T01:30:00.313
Modified: 2018-10-11T20:56:57.120
Link: CVE-2008-6062
JSON object: View
Redhat Information
No data.
CWE