BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX clsid access
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 220.127.116.11 and 8.x up to 18.104.22.168 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
CVSS base score 4.3
CVSS impact score 2.9
CVSS exploitability score 8.6
- adobe flash_player 8
- adobe flash_player 9
Ease of attack
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
- Talos research team.
- This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
- For more information see nvd.