Signature Detail

HTTP: Adobe Flash Player Cross Site Scripting

This signature detects attempts to exploit a known cross-site scripting vulnerability in the Adobe Flash Player. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Affected Products

• Adobe Flash Player 8.0.34.0
• Adobe Flash Player 9.0.28.0
• Adobe Flash Player 9.0.31.0
• Adobe Flash Player 9.0.45.0
• Adobe Flash Player 9.0.47.0
• Adobe Flash Player 9.0.48.0
• Gentoo Linux
• Nortel Networks Media Processing Svr 1000 Rel 3.0
• Nortel Networks Self-Service - CCSS7
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri Workstation
• Red Hat Enterprise Linux Desktop Supplementary 5 Client
• Red Hat Enterprise Linux Extras 3
• Red Hat Enterprise Linux Extras 4
• Red Hat Enterprise Linux Extras 4.5.Z
• Red Hat Enterprise Linux Extras 4.6.Z
• Red Hat Enterprise Linux Supplementary 5 Server
• Sun OpenSolaris Build Snv 88
• Sun Solaris 10 Sparc
• Sun Solaris 10 X86
• SuSE Linux Personal 10.1
• SuSE Linux Professional 10.1
• SuSE Novell Linux Desktop 9.0.0
• SuSE openSUSE 10.2
• SuSE openSUSE 10.3
• SuSE SUSE Linux Enterprise Desktop 10 SP1
• Turbolinux FUJI
• Turbolinux wizpy

References

• BugTraq: 26949
• CVE: CVE-2007-6244