Summary
This host is installed with Adobe Flex SDK and is prone to cross site scripting vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Apply the patch from below link
http://kb2.adobe.com/cps/915/cpsid_91544.html
*****
NOTE: Ignore this warning if patch is applied already.
*****
**************************************************************** Note: This script detects Adobe Flex SDK installed as part of Adobe Flex Builder only. If SDK is installed seperately, manual verification is required.
****************************************************************
Insight
The flaw is due to certain unspecified input passed to SWF files developed using the framework is not properly sanitised before being returned to the user.
Affected
Adobe Flex SDK version 3.x through 3.6 and 4.x through 4.5.1
References
Severity
Classification
-
CVE CVE-2011-2461 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Windows)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Mac OS X)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)
- Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)