Adobe Flex SDK Cross-Site Scripting (APSB11-25)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts one or more .swf files affected by a
cross-site scripting vulnerability.

Description :

The remote host is hosting one or more Flash applets (.swf files)
that use the Flex SDK. Flex is an SDK developed by Adobe that is
used to create rich web applications.

The .swf files stored on the remote host have been compiled with an
older version of the Flex compiler and may therefore be affected by a
cross-site scripting vulnerability.

See also :

http://www.adobe.com/support/security/bulletins/apsb11-25.html

Solution :

Either recompile the remote applications with a newer version of the
Flex SDK or use the SWF-patching tool Adobe provides.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 56992

Bugtraq ID: 50869

CVE ID: CVE-2011-2461