Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability

Bugtraq ID:	26949
Class:	Input Validation Error
CVE:	CVE-2007-6244 CVE-2008-6062
Remote:	Yes
Local:	No
Published:	Dec 18 2007 12:00AM
Updated:	Feb 18 2009 08:37PM
Credit:	Adobe credits Rich Cannings of the Google Security Team with the discovery of this vulnerability.
Vulnerable:	Turbolinux wizpy 0 Turbolinux FUJI 0 Sun Solaris 10.0_x86 Sun Solaris 10.0 Sun OpenSolaris build snv_88 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.1 RedHat Enterprise Linux Supplementary 5 server RedHat Enterprise Linux Extras 4.6.z RedHat Enterprise Linux Extras 4.5.z RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux Extras 3 RedHat Enterprise Linux Desktop Supplementary 5 client Nortel Networks Self-Service - CCSS7 0 Nortel Networks Peri Workstation 0 Nortel Networks Peri Application 0 Nortel Networks Media Processing Svr 1000 Rel 3.0 Gentoo Linux Adobe Flash Player 9.0.48.0 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.28.0 Adobe Flash Player 8.0.34.0

Not Vulnerable:	Adobe Flash Player 9.0.115.0