Vulnerability Note VU#168372
Adobe Flash Player allowScriptAccess protection bypass vulnerability
A vulnerability in Adobe Flash Player may allow a remote attacker to bypass allowScriptAccess protection.
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.
According to Adobe:
By convincing a victim to view a HTML document (web page, HTML email) containing specially crafted Adobe Flash SWF file, an attacker could access content in a different security domain than the one containing the attacker's document.
Upgrade Flash Player
Disable Adobe Flash Player in your web browser
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||-||20 Sep 2006|
|Apple Computer, Inc.||Affected||-||03 Oct 2006|
|Microsoft Corporation||Affected||-||14 Nov 2006|
CVSS Metrics (Learn More)
This issue was reported in Adobe Security bulletin APSB06-11.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-4640
- Date Public: 12 Sep 2006
- Date First Published: 20 Sep 2006
- Date Last Updated: 14 Nov 2006
- Severity Metric: 14.29
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.