CVE-2008-6062

Currently unrated

Key Information:

Vendor: Adobe
Status: Dreamweaver
Vendor: CVE Published:; 5 February 2009

Summary

Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.

References

http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw

x_refsource_MISC

http://www.adobe.com/support/security/bulletins/apsb07-20...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/249337

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Feb 5, 2009
Vulnerability Reserved
Feb 4, 2009