CVE-2007-6637

NameCVE-2007-6637
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs459071

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
flashplugin-nonfree (PTS)jessie/contrib1:3.6.1+deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
flashplugin-nonfreesource(unstable)1:1.4459071

Notes

[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
http://www.adobe.com/support/security/advisories/apsa07-06.html
Search for package or bug name: Reporting problems