• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Adobe Flash Player Clipboard Security Weakness

Severity: MODERATE

Description:

Adobe Flash Player is an application for playing Flash media files.

Adobe Flash Player is prone to a security weakness that may allow attackers to inject arbitrary content into a user's clipboard.

The issue occurs because ActionScript can set data on the system clipboard at any time. The SWF files can set the clipboard of an unsuspecting user using the 'System.setClipboard()' method outside of an event triggered by user interaction.

Attackers can exploit this issue to overwrite content that is contained in a victim's clipboard. As a result, attacker-supplied URIs can persist in the victim's clipboard.

Affected Products:

• Adobe Flash Player 8.0.34.0
• Adobe Flash Player 8.0.35.0
• Adobe Flash Player 9
• Adobe Flash Player 9.0.115.0
• Adobe Flash Player 9.0.124.0
• Adobe Flash Player 9.0.28.0
• Adobe Flash Player 9.0.31.0
• Adobe Flash Player 9.0.45.0
• Adobe Flash Player 9.0.47.0
• Adobe Flash Player 9.0.48.0
• Gentoo Linux
• Nortel Networks Self-Service - CCSS7
• Nortel Networks Self-Service MPS 1000
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri Workstation
• RedHat Enterprise Linux Desktop Supplementary 5 client
• RedHat Enterprise Linux Extras 3
• RedHat Enterprise Linux Extras 4
• RedHat Enterprise Linux Supplementary 5 server
• S.u.S.E. Novell Linux Desktop 9
• S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
• S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2
• S.u.S.E. openSUSE 10.2
• S.u.S.E. openSUSE 10.3
• S.u.S.E. openSUSE 11.0
• Sun OpenSolaris build snv_100
• Sun OpenSolaris build snv_101
• Sun OpenSolaris build snv_102
• Sun OpenSolaris build snv_103
• Sun OpenSolaris build snv_85
• Sun OpenSolaris build snv_87
• Sun OpenSolaris build snv_88
• Sun OpenSolaris build snv_89
• Sun OpenSolaris build snv_90
• Sun OpenSolaris build snv_91
• Sun OpenSolaris build snv_92
• Sun OpenSolaris build snv_95
• Sun OpenSolaris build snv_96
• Sun Solaris 10_sparc
• Sun Solaris 10_x86

References:

• Adobe: APSB08-18 Flash Player update available to address security vulnerabilities
• Adobe: Adobe Clipboard Attack
• Adobe: Adobe Homepage
• Adobe: Clipboard attack update
• Adobe: Setting data on the system Clipboard requires user interaction
• Avaya: Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris (Sun 24
• Nortel Networks: Nortel Response to Sun Alert 248586 - Multiple Security Vulnerabilities in t
• Ryan Naraine: Adobe Flash ads launching clipboard hijack attack
• Ryan Naraine: Can Adobe mitigate ‘clipboard hijack’ issue?
• Sun: Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.