Summary
This host is installed with Adobe Flex SDK and is prone to cross site scripting vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Apply the patch from below link
http://kb2.adobe.com/cps/915/cpsid_91544.html
*****
NOTE: Ignore this warning if patch is applied already.
*****
**************************************************************** Note: This script detects Adobe Flex SDK installed as part of Adobe Flex Builder only. If SDK is installed seperately, manual verification is required.
****************************************************************
Insight
The flaw is due to certain unspecified input passed to SWF files developed using the framework is not properly sanitised before being returned to the user.
Affected
Adobe Flex SDK version 3.x through 3.6 and 4.x through 4.5.1
References
Severity
Classification
-
CVE CVE-2011-2461 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
- Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
- Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
- Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)