Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability

EDB-ID: 30907 CVE: 2007-6244 OSVDB-ID: 41486
Author: Adam Barth Published: 2007-12-18 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A


Prev Home Next

The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player,, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.