HTTP: Adobe Flash Player ActiveX CSS Exploit
This signature detects attempts to exploit a known vulnerability in Adobe Flash Play ActiveX. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability. An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain. This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions. NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.
Affected Products
Red_hat enterprise_linux_extras
Short Name
HTTP:STC:ACTIVEX:FLASH9D-CSS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX Adobe CSS CVE-2007-6244 Exploit Flash Player bid:26960
Release Date
09/15/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Suse
Gentoo
Sun
Turbolinux
Nortel_networks
Adobe
CVSS Score
4.3