Intrusion Prevention

Adobe.Flash.Player.Asfunction.Protocol.XSS

Description

This indicates an attack attempt against a cross-site scripting vulnerability in Adobe Flash Player.
The vulnerability is caused by an error when the vulnerable software handles the "asfunction:" protocol. It allows a remote attacker to inject arbitrary web scripts or HTML via a malicious SWF file using this protocol call.

Affected Products

Adobe Flash Player 8.x up to 8.0.35.0
Adobe Flash Player 9.x up to 9.0.48.0

Impact

System Compromise: Remote attackers can inject arbitrary web scripts or HTML.

Recommended Actions

Upgrade to version 9.0.115.0

CVE References

CVE-2007-6244