CVE-2007-2022

MEDIUM

Description

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

References

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

http://secunia.com/advisories/24877

http://secunia.com/advisories/25027

http://secunia.com/advisories/25432

http://secunia.com/advisories/25662

http://secunia.com/advisories/25669

http://secunia.com/advisories/25894

http://secunia.com/advisories/25933

http://secunia.com/advisories/26027

http://secunia.com/advisories/26118

http://secunia.com/advisories/26357

http://secunia.com/advisories/26860

http://secunia.com/advisories/28068

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1

http://www.adobe.com/support/security/advisories/apsa07-03.html

http://www.adobe.com/support/security/bulletins/apsb07-12.html

http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:138

http://www.novell.com/linux/security/advisories/2007_12_sr.html

http://www.novell.com/linux/security/advisories/2007_28_opera.html

http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html

http://www.opera.com/support/search/view/858/

http://www.redhat.com/support/errata/RHSA-2007-0494.html

http://www.securityfocus.com/bid/23437

http://www.securitytracker.com/id?1017903

http://www.us-cert.gov/cas/techalerts/TA07-192A.html

http://www.vupen.com/english/advisories/2007/1361

http://www.vupen.com/english/advisories/2007/2497

http://www.vupen.com/english/advisories/2007/4190

https://exchange.xforce.ibmcloud.com/vulnerabilities/33595

https://issues.rpath.com/browse/RPL-1462

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9332

Details

Source: MITRE

Published: 2007-04-13

Updated: 2017-10-11

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM