Upstream information

CVE-2007-6243 at MITRE

Description

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 9.3
Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entries: 310213 [RESOLVED / FIXED], 435201 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.1
  • flash-player >= 9.0.124.0-0.2
SUSE LINUX 10.1
  • flash-player >= 9.0.115.0-0.2
openSUSE 11.0
  • flash-player >= 9.0.151.0-0.1
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • flash-player >= 9.0.48.0-4.4
Builds
ZYPP Patch Nr: 4856
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • flash-player >= 9.0.124.0-0.1
Builds
YOU Patch Nr: 12136
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • flash-player >= 9.0.115.0-0.2
Builds
YOU Patch Nr: 12051
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • flash-player >= 9.0.151.0-0.1
sles9-nld.x86-64
sled10-sp2.x86-64
sles9-nld.x86
sled10-sp2.x86
sled10.x86-64
sled10.x86
ZYPP Patch Nr: 5757