cve-2008-6062
Vulnerability from cvelistv5
Published
2009-02-05 01:00
Modified
2024-08-07 11:20
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.
References
cve@mitre.orghttp://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb07-20.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/249337US Government Resource
cve@mitre.orghttp://www.securityfocus.com/archive/1/485722/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb07-20.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/249337US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/485722/100/100/threaded
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:20:24.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
          },
          {
            "name": "VU#249337",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/249337"
          },
          {
            "name": "20080102 XSS Vulnerabilities in Common Shockwave Flash Files",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485722/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter.  NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
        },
        {
          "name": "VU#249337",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/249337"
        },
        {
          "name": "20080102 XSS Vulnerabilities in Common Shockwave Flash Files",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485722/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6062",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter.  NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw",
              "refsource": "MISC",
              "url": "http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
              "refsource": "MISC",
              "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
            },
            {
              "name": "VU#249337",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/249337"
            },
            {
              "name": "20080102 XSS Vulnerabilities in Common Shockwave Flash Files",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485722/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6062",
    "datePublished": "2009-02-05T01:00:00",
    "dateReserved": "2009-02-04T00:00:00",
    "dateUpdated": "2024-08-07T11:20:24.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-6062\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-02-05T01:30:00.313\",\"lastModified\":\"2024-11-21T00:55:34.600\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter.  NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en ActionScript en ficheros arbitrarios Shockwave Flash (SWF) creados por Adobe Dreamweaver, cuando se usa la caracter\u00edstica Insert Flash Video, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s una funci\u00f3n as: URI en el par\u00e1metro skinName. NOTA: deber\u00eda sobreescribir las vulnerabilidades CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4612B738-830D-417F-BD8B-7AA15010F193\"}]}]}],\"references\":[{\"url\":\"http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb07-20.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/249337\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/485722/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb07-20.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/249337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/485722/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.