Access Restriction Bypass Affecting flashplugin-nonfree package, versions <9.0.115.0.1


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
66.97% (99th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN8-FLASHPLUGINNONFREE-432314
  • published20 Dec 2007
  • disclosed20 Dec 2007

Introduced: 20 Dec 2007

CVE-2007-6243  (opens in a new tab)
CWE-264  (opens in a new tab)

How to fix?

Upgrade Debian:8 flashplugin-nonfree to version 9.0.115.0.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream flashplugin-nonfree package and not the flashplugin-nonfree package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

References

CVSS Scores

version 3.1