The Adobe Flash player asfunction protocol could allow an attacker to conduct cross-site scripting attacks on websites that host vulnerable Flash files.
The Adobe Flash Player is a player for the Flash media format and enables frame-based animations and multimedia to be viewed within a web browser. ActionScript is a scripting language that is used to develop software and multimedia files that are processed by the Adobe Flash Player. The asfunction protocol enables HTTP hyperlinks in Flash files to launch a ActionScript functions.
Per Adobe Security Bulletin APSB07-20:
A remote, unauthenticated attacker may be able to launch cross-site scripting attacks against sites that host vulnerable Flash files.
Update Flash Player
Adobe credits Rich Cannings of the Google Security Team for reporting this issue.
This document was written by Ryan Giobbi.
|Date First Published:||2007-12-19|
|Date Last Updated:||2008-01-15 13:52 UTC|