Signature Detail
Short Name |
HTTP:STC:ADOBE:SWF-UNVRSL-XSS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Flash Player Universal Cross Site Scripting |
Release Date |
2012/02/16 |
Update Number |
2084 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Adobe Flash Player Universal Cross Site Scripting
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary Javascript execution.
Extended Description
Adobe Flash Player is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Affected Products
- Adobe Flash Player 10
- Adobe Flash Player 10.0.0.584
- Adobe Flash Player 10.0.12.10
- Adobe Flash Player 10.0.12 .35
- Adobe Flash Player 10.0.12 .36
- Adobe Flash Player 10.0.15 .3
- Adobe Flash Player 10.0.22.87
- Adobe Flash Player 10.0.32 18
- Adobe Flash Player 10.0.32.18
- Adobe Flash Player 10.0.42.34
- Adobe Flash Player 10.0.45 2
- Adobe Flash Player 10.0.45 2
- Adobe Flash Player 10.0.45.2
- Adobe Flash Player 10.1.102.64
- Adobe Flash Player 10.1.102.65
- Adobe Flash Player 10.1.105.6
- Adobe Flash Player 10.1.106.16
- Adobe Flash Player 10.1.51.66
- Adobe Flash Player 10.1.52.14.1
- Adobe Flash Player 10.1.52.15
- Adobe Flash Player 10.1.53.64
- Adobe Flash Player 10.1.82.76
- Adobe Flash Player 10.1.85.3
- Adobe Flash Player 10.1.92.10
- Adobe Flash Player 10.1.92.10
- Adobe Flash Player 10.1.92.8
- Adobe Flash Player 10.1.95.1
- Adobe Flash Player 10.1.95.2
- Adobe Flash Player 10.1.95.2
- Adobe Flash Player 10.1 Release Candidate
- Adobe Flash Player 10.2.152
- Adobe Flash Player 10.2.152.21
- Adobe Flash Player 10.2.152.32
- Adobe Flash Player 10.2.152.33
- Adobe Flash Player 10.2.153.1
- Adobe Flash Player 10.2.154.13
- Adobe Flash Player 10.2.154.18
- Adobe Flash Player 10.2.154.24
- Adobe Flash Player 10.2.154.25
- Adobe Flash Player 10.2.154.27
- Adobe Flash Player 10.2.154.28
- Adobe Flash Player 10.2.156.12
- Adobe Flash Player 10.2.157.51
- Adobe Flash Player 10.2.159.1
- Adobe Flash Player 10.3.181.14
- Adobe Flash Player 10.3.181.16
- Adobe Flash Player 10.3.181.16
- Adobe Flash Player 10.3.181.22
- Adobe Flash Player 10.3.181.23
- Adobe Flash Player 10.3.181.26
- Adobe Flash Player 10.3.181.34
- Adobe Flash Player 10.3.183.10
- Adobe Flash Player 10.3.183.4
- Adobe Flash Player 10.3.183.5
- Adobe Flash Player 10.3.183.7
- Adobe Flash Player 10.3.185.21
- Adobe Flash Player 10.3.185.22
- Adobe Flash Player 10.3.185.22
- Adobe Flash Player 10.3.185.23
- Adobe Flash Player 10.3.185.25
- Adobe Flash Player 10.3.186.2
- Adobe Flash Player 10.3.186.3
- Adobe Flash Player 10.3.186.6
- Adobe Flash Player 10.3.186.7
- Adobe Flash Player 11.0.1.152
- Adobe Flash Player 11.1.102.55
- Adobe Flash Player 11.1.111.5
- Adobe Flash Player 11.1.112.61
- Gentoo Linux
- Red Hat Enterprise Linux Desktop Supplementary 5 Client
- Red Hat Enterprise Linux Desktop Supplementary 6
- Red Hat Enterprise Linux Server Supplementary 6
- Red Hat Enterprise Linux Supplementary 5 Server
- Red Hat Enterprise Linux Workstation Supplementary 6
- Research In Motion Blackberry PlayBook Tablet Software 2.0.1.358
- SuSE openSUSE 11.4
- SuSE SUSE Linux Enterprise Desktop 10 SP4
- SuSE SUSE Linux Enterprise Desktop 11 SP1
- SuSE SUSE Linux Enterprise Desktop 11 SP1 for SP2
References
- BugTraq: 52040
- CVE: CVE-2012-0767