HTTP: Adobe Flash Player Cross-Site Request Forgery Unauthorized Remote Access

This signature detects attempts to exploit a known vulnerability in Adobe Flash Player. A successful attack can lead to cross-site request forgery, resulting in unauthorized access to remote systems.

Extended Description

Adobe Flash Player is prone to an unspecified cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The following versions are vulnerable:

Adobe Flash Player 10.3.181.16 and prior versions for Windows, Macintosh, Linux and Solaris operating systems

Adobe Flash Player 10.3.185.22 and prior versions for Android

UPDATE (June 7, 2011): The vendor indicates there may be an impact related to the 'Authplay.dll' component of Adobe Reader and Acrobat X 10.0.3, Reader 9.x and 10.x, and Acrobat 9.x and 10.x. We will update this BID when additional details emerge.

Affected Products

Xerox freeflow_print_server_(ffps), Google chrome

References

BugTraq: 48107

CVE: CVE-2011-2107

Short Name
HTTP:STC:ADOBE:SWF-XSFORGE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Access Adobe CVE-2011-2107 Cross-Site Flash Forgery Player Remote Request Unauthorized bid:48107
Release Date
06/10/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Research_in_motion

Google

Adobe

Gentoo

Sun

Xerox

Suse

CVSS Score

4.3
