CVE-2007-6244

Name: CVE-2007-6244
Creator: NVD / NIST
Published: 2007-12-20T01:46:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 12.93%

Last modified Jun 16, 2026

CVE-2007-6244 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.. EPSS estimates a 12.93% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.

Metrics

EPSS Probability

12.93%

95.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Adobe	Flash Player	8.0
Adobe	Flash Player	9.0

References

Timeline

Published: Dec 20, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-6244?

How severe is CVE-2007-6244?

Severity scoring for CVE-2007-6244 is pending analysis. The EPSS model estimates a 12.93% probability of exploitation in the next 30 days.

How do I fix CVE-2007-6244?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-6244?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST