Vulnerability Details CVE-2007-3640
Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/41473
- http://osvdb.org/41474
- http://securityreason.com/securityalert/2882
- http://www.securityfocus.com/archive/1/472733/100/0/threaded
- http://osvdb.org/41473
- http://osvdb.org/41474
- http://securityreason.com/securityalert/2882
- http://www.securityfocus.com/archive/1/472733/100/0/threaded
Products affected by CVE-2007-3640
-
cpe:2.3:a:adobe:adobe_air:-
-
cpe:2.3:a:adobe:adobe_air:1.0
-
cpe:2.3:a:adobe:adobe_air:1.0.1
-
cpe:2.3:a:adobe:adobe_air:1.0.4990
-
cpe:2.3:a:adobe:adobe_air:1.0.8.4990
-
cpe:2.3:a:adobe:adobe_air:1.1
-
cpe:2.3:a:adobe:adobe_air:1.1.0.5790
-
cpe:2.3:a:adobe:adobe_air:1.5
-
cpe:2.3:a:adobe:adobe_air:1.5.0.7220
-
cpe:2.3:a:adobe:adobe_air:1.5.1
-
cpe:2.3:a:adobe:adobe_air:1.5.1.8210
-
cpe:2.3:a:adobe:adobe_air:1.5.2
-
cpe:2.3:a:adobe:adobe_air:1.5.3
-
cpe:2.3:a:adobe:adobe_air:1.5.3.9120
-
cpe:2.3:a:adobe:adobe_air:1.5.3.9130
-
cpe:2.3:a:adobe:adobe_air:13.0.0.111
-
cpe:2.3:a:adobe:adobe_air:13.0.0.83
-
cpe:2.3:a:adobe:adobe_air:14.0.0.110
-
cpe:2.3:a:adobe:adobe_air:14.0.0.137
-
cpe:2.3:a:adobe:adobe_air:2.0.2
-
cpe:2.3:a:adobe:adobe_air:2.0.2.12610
-
cpe:2.3:a:adobe:adobe_air:2.0.3
-
cpe:2.3:a:adobe:adobe_air:2.0.3.13070
-
cpe:2.3:a:adobe:adobe_air:2.0.4
-
cpe:2.3:a:adobe:adobe_air:2.5.0.16600
-
cpe:2.3:a:adobe:adobe_air:2.5.1.17730
-
cpe:2.3:a:adobe:adobe_air:2.6
-
cpe:2.3:a:adobe:adobe_air:2.6.0.19120
-
cpe:2.3:a:adobe:adobe_air:2.6.0.19140
-
cpe:2.3:a:adobe:adobe_air:2.6.19140
-
cpe:2.3:a:adobe:adobe_air:2.7
-
cpe:2.3:a:adobe:adobe_air:2.7.0.1948
-
cpe:2.3:a:adobe:adobe_air:2.7.0.19480
-
cpe:2.3:a:adobe:adobe_air:2.7.0.1953
-
cpe:2.3:a:adobe:adobe_air:2.7.0.19530
-
cpe:2.3:a:adobe:adobe_air:2.7.1
-
cpe:2.3:a:adobe:adobe_air:2.7.1.19610
-
cpe:2.3:a:adobe:adobe_air:3.0.0.408
-
cpe:2.3:a:adobe:adobe_air:3.0.0.4080
-
cpe:2.3:a:adobe:adobe_air:3.1.0.485
-
cpe:2.3:a:adobe:adobe_air:3.1.0.488
-
cpe:2.3:a:adobe:adobe_air:3.1.0.4880
-
cpe:2.3:a:adobe:adobe_air:3.2.0.207
-
cpe:2.3:a:adobe:adobe_air:3.2.0.2070
-
cpe:2.3:a:adobe:adobe_air:3.3.0.3670
-
cpe:2.3:a:adobe:adobe_air:3.4.0.2540
-
cpe:2.3:a:adobe:adobe_air:3.4.0.2710
-
cpe:2.3:a:adobe:adobe_air:3.5.0.1060
-
cpe:2.3:a:adobe:adobe_air:3.5.0.600
-
cpe:2.3:a:adobe:adobe_air:3.5.0.880
-
cpe:2.3:a:adobe:adobe_air:3.5.0.890
-
cpe:2.3:a:adobe:adobe_air:3.6.0.597
-
cpe:2.3:a:adobe:adobe_air:3.6.0.6090
-
cpe:2.3:a:adobe:adobe_air:3.7.0.1530
-
cpe:2.3:a:adobe:adobe_air:3.7.0.1860
-
cpe:2.3:a:adobe:adobe_air:3.7.0.2090
-
cpe:2.3:a:adobe:adobe_air:3.8.0.870
-
cpe:2.3:a:adobe:adobe_air:3.8.0.910
-
cpe:2.3:a:adobe:adobe_air:3.9.0.1030
-
cpe:2.3:a:adobe:adobe_air:3.9.0.1060
-
cpe:2.3:a:adobe:adobe_air:3.9.0.1210
-
cpe:2.3:a:adobe:adobe_air:3.9.0.1380
-
cpe:2.3:a:adobe:adobe_air:4.0.0.1390
-
cpe:2.3:a:adobe:adobe_air:4.0.0.1628