HTTP: Adobe Flash Player ActiveX Control navigateToURL API Exploit
This signature detects attempts to exploit a known vulnerability in Adobe Flash Play ActiveX. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability. An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain. This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions. NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.
Affected Products
Red_hat enterprise_linux_extras
Short Name
HTTP:STC:ADOBE:FLASH-CSS-EXP
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
API ActiveX Adobe CVE-2007-6244 Control Exploit Flash Player bid:26960 navigateToURL
Release Date
12/10/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Suse
Gentoo
Sun
Turbolinux
Nortel_networks
Adobe
CVSS Score
4.3