CVE-2007-3640
Last modified
CVE-2007-3640 is a vulnerability of currently unknown severity. Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE.. EPSS estimates a 2.56% chance of exploitation in the next 30 days.
Description
Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Adobe Air | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-3640?
How severe is CVE-2007-3640?
How do I fix CVE-2007-3640?
Are you affected by CVE-2007-3640?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST