Executive Summary
Summary | |
---|---|
Title | Flash authoring tools create Flash files that contain cross-site scripting vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#249337 | First vendor Publication | 2008-01-02 |
Vendor | VU-CERT | Last vendor Modification | 2008-01-17 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#249337Flash authoring tools create Flash files that contain cross-site scripting vulnerabilitiesOverviewA number of authoring tools for Flash content may generate files that contain cross-site scripting vulnerabilities. Any site hosting Flash generated by an affected tool could be vulnerable to cross-site scripting.I. DescriptionActionScript is a scripting language based on ECMAScript (also referred to as JavaScript) used primarily for the development of websites and software using Adobe Flash. The resulting Flash content is typically published in the form of SWF files embedded in web pages. ActionScript within a Flash file creates dynamic content on the web and interacts with web browsers in a manner similar to JavaScript, VBScript, and other client-side scripting languages. As with traditional script content in HTML pages, improperly validated user-controlled input in Flash files can execute arbitrary ActionScript and JavaScript in the context of the domain hosting the affected Flash file. One specific type of vulnerability depends on the behavior of a special ActionScript protocol called asfunction. The asfunction protocol is used for URLs in HTML text fields and causes a link to invoke an ActionScript function in a Flash file instead of opening a URL. An attacker could call all public and static functions by supplying a string parameter to asfunction. There exist other types of vulnerabilities as well.Applications that generate Flash files (e.g., "save as SWF", "export to SWF", etc.) by using vulnerable templates or by including static Flash content like a controller may automatically insert generic and vulnerable ActionScript into saved files. As a result, all Flash files generated by these affected applications create cross-site scripting vulnerabilities in the domains hosting these files. Furthermore, exploitation of these vulnerabilities would be consistent across all sites using a particular product and vulnerable sites could be identified through a web search. Updates for affected authoring tools have been released to address this issue. Please see the Systems Affected section of this document for more information. Note that this section is not complete, vendors that create vulnerable Flash authoring tools may not be listed.
Systems Affected
References
Thanks to Rich Cannings of the Google Security Team for reporting this vulnerability. Stefano Di Paola of Minded Security originally published information about the general problem of cross-site scripting in Flash applications. This document was written by Chad Dougherty.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/249337 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56437 | InfoSoft FusionCharts Shockwave Flash (SWF) Actionscript dataURL Parameter IM... |
56436 | Adobe Dreamweaver Shockwave Flash (SWF) Actionscript skinName Parameter asfun... |
40102 | Camtasia Studio Pre-generated SWF File csPreloader Parameter XSS TechSmith Camtasia contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'csPreloader' variable upon calling an SWF file. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-01-10 | Name : The remote Windows host contains an application that reportedly allows arbitr... File : camtasia_cspreloader_cmd_exec.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:39 |
|