For the complete experience, please enable JavaScript in your browser. Thank you!
Release date: December 23, 2007
Vulnerability identifier: APSA07-06
CVE number: CVE-2007-6637
Adobe has provided a Flash Player update to mitigate potential cross-site scripting vulnerabilities in SWF files. For more information, please refer to the APSB08-11 Security Bulletin.
Adobe has provided updates for Dreamweaver and Acrobat Connect that resolve these issues. For more information, please refer to Security Bulletins APSB08-01 and APSB08-02. In addition, Adobe strongly recommends Flash content creators utilize the data validation libraries found here: http://code.google.com/p/flash-validators/ to help prevent XSS vulnerabilities in their own custom SWFs, as well as follow the guidelines of the Adobe whitepaper Creating More Secure SWF Web Applications.
April 8, 2008 – Advisory updated with information on further mitigations in Flash Player 9.0.124.0 release
January 16, 2008 – Advisory updated with information on Dreamweaver and Connect fixes
Americas
Europe, Middle East and Africa
Asia Pacific
Copyright © 2024 Adobe Systems Incorporated. All rights reserved.
