Intrusion Prevention

Adobe.Flex.History.Management.XSS

Description

This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in the Adobe Flex application.
The vulnerability is caused by the application's failure to properly sanitize user-supplied input. An attacker may exploit this vulnerability to steal authentication information from the victim's cookies, and to execute arbitrary scripting code.

Affected Products

Adobe Flex 3.0.1 SDK and Flex Builder 3.

Impact

System Compromise: remote attackers can inject arbitrary web scripts or HTML.

Recommended Actions

Apply the fix (3.0.2 SDK Update), available from the following websites:
http://opensource.adobe.com/wiki/display/flexsdk/Download+Flex+3
http://www.adobe.com/support/security/bulletins/downloads/historyFrame.zip

CVE References

CVE-2008-2640