CVE-2007-6244

Adobe Flash Player <9.0.48.0,8.0.35.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-6244. PoCs published by Rich Cannings, Adam Barth.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Adobe Flash Player by injecting malicious JavaScript via the 'baseurl' parameter in a SWF file URL. The PoC uses the 'asfunction' protocol to execute arbitrary script code in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Rich Cannings · textremotemultiple

https://www.exploit-db.com/exploits/30905

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Adobe Flash Player by injecting malicious JavaScript via the 'baseurl' parameter in a SWF file URL. The PoC uses the 'asfunction' protocol to execute arbitrary script code in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Adobe Flash Player (versions affected by CVE-2007-6244)

No auth needed

Prerequisites: A vulnerable version of Adobe Flash Player · User interaction to visit a crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Adam Barth · textremotelinux

https://www.exploit-db.com/exploits/30907

View Code ZIP pw:eip

The provided text describes a cross-domain scripting vulnerability in Adobe Flash Player ActiveX control, affecting versions 9.0.48.0, 8.0.35.0, and prior. It references an external exploit file but does not contain actual exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22

Core References

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28157

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30507

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39131

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28570

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26960

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1724/references

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA07-355A.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml

Various Sources x_refsource_misc

http://crypto.stanford.edu/advisories/CVE-2007-6244/

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26929

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28161

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-1126.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39130

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/4258

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1019116

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26949

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/758769

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28213

Various Sources x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb07-20.html

Scores

EPSS 0.1293

EPSS Percentile 95.8%

Details

CWE

CWE-79

Status published

Products (2)

adobe/flash_player 8.0

adobe/flash_player 9.0

Published Dec 20, 2007

Tracked Since Feb 18, 2026