Adobe Flash Player 7.0.x/8.0.x/9.0.x - ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability

2007-12-18T00:00:00
ID EDB-ID:30907
Type exploitdb
Reporter Adam Barth
Modified 2007-12-18T00:00:00

Description

Adobe Flash Player 7.0.x/8.0.x/9.0.x ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability. CVE-2007-6244. Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/26960/info

The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/30907.as