|
|
Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
|
Bugtraq ID:
|
26966
|
|
Class:
|
Origin Validation Error
|
|
CVE:
|
CVE-2007-6243
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Dec 18 2007 12:00AM
|
|
Updated:
|
Jul 15 2008 11:09PM
|
|
Credit:
|
Toshiharu Sugiyama of UBsecure, Inc. and JPCERT/CC are credited with the discovery of this vulnerability.
|
|
Vulnerable:
|
Turbolinux wizpy 0
Turbolinux FUJI 0
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun OpenSolaris build snv_88
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
RedHat Enterprise Linux Supplementary 5 server
RedHat Enterprise Linux Extras 4.6.z
RedHat Enterprise Linux Extras 4.5.z
RedHat Enterprise Linux Extras 4
RedHat Enterprise Linux Extras 3
RedHat Enterprise Linux Desktop Supplementary 5 client
Nortel Networks Self-Service - CCSS7 0
Nortel Networks Peri Workstation 0
Nortel Networks Peri Application 0
Nortel Networks Media Processing Svr 1000 Rel 3.0
Gentoo Linux
Adobe Flex 3.0
Adobe Flash Professional 8
Adobe Flash Player 9.0.48.0
Adobe Flash Player 9.0.47.0
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.28.0
Adobe Flash Player 9.0.115.0
Adobe Flash Player 8.0.35.0
Adobe Flash Player 8.0.34.0
Adobe Flash Player 7.0.70.0
Adobe Flash Player 7.0.69.0
Adobe Flash CS3 Professional 0
Adobe Flash Basic 8
Adobe AIR 1.0
|
|
|
|
Not Vulnerable:
|
Adobe Flash Professional 8 8.0.42.0
Adobe Flash Player 9.0.124 .0
Adobe Flash Basic 8.0.42.0
Adobe AIR 1.01
|
|
|
