Intrusion Prevention



This indicates an attack attempt against a cross-site scripting vulnerability in Adobe Flash Player.
The vulnerability is caused by an error when the vulnerable software handles the "asfunction:" protocol. It allows a remote attacker to inject arbitrary web scripts or HTML via a malicious SWF file using this protocol call.

Affected Products

Adobe Flash Player 8.x up to
Adobe Flash Player 9.x up to


System Compromise: Remote attackers can inject arbitrary web scripts or HTML.

Recommended Actions

Upgrade to version

CVE References