Vulnerability Note VU#758769
Adobe Flash Player asfunction protocol may enable cross-site scripting
The Adobe Flash player asfunction protocol could allow an attacker to conduct cross-site scripting attacks on websites that host vulnerable Flash files.
The Adobe Flash Player is a player for the Flash media format and enables frame-based animations and multimedia to be viewed within a web browser. ActionScript is a scripting language that is used to develop software and multimedia files that are processed by the Adobe Flash Player. The asfunction protocol enables HTTP hyperlinks in Flash files to launch a ActionScript functions.
Per Adobe Security Bulletin APSB07-20:
Note that vulnerable versions of the Flash Player may be distributed with various operating systems.
A remote, unauthenticated attacker may be able to launch cross-site scripting attacks against sites that host vulnerable Flash files.
Update Flash Player
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||-||19 Dec 2007|
CVSS Metrics (Learn More)
Adobe credits Rich Cannings of the Google Security Team for reporting this issue.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-6244
- Date Public: 19 Dec 2007
- Date First Published: 19 Dec 2007
- Date Last Updated: 15 Jan 2008
- Severity Metric: 14.58
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.