Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability

EDB-ID: 30907 CVE: 2007-6244 OSVDB-ID: 41486
Verified: Author: Adam Barth Published: 2007-12-18
Download Exploit: Source Raw Download Vulnerable App: N/A

The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player,, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.