Release date: December 23, 2007
Vulnerability identifier: APSA07-06
CVE number: CVE-2007-6637
Adobe has provided a Flash Player update to mitigate potential cross-site scripting vulnerabilities in SWF files. For more information, please refer to the APSB08-11 Security Bulletin.
Adobe has provided updates for Dreamweaver and Acrobat Connect that resolve these issues. For more information, please refer to Security Bulletins APSB08-01 and APSB08-02. In addition, Adobe strongly recommends Flash content creators utilize the data validation libraries found here: http://code.google.com/p/flash-validators/ to help prevent XSS vulnerabilities in their own custom SWFs, as well as follow the guidelines of the Adobe whitepaper Creating More Secure SWF Web Applications.