Release date: 2011-12-01
Updated on: 2011-12-02
Affected Systems:
Adobe Flex 4.x
Adobe Flex 3.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50869
Cve id: CVE-2011-2461
Adobe Flex is an efficient open source framework for building and maintaining Web applications.
Adobe Flex 3. versions earlier than x and 4.6 do not properly filter the input passed to the SWF file, and an XSS vulnerability exists in implementation, attackers can exploit this vulnerability to execute arbitrary HTML and script code in the browser of the affected site.
<* Source: Adobe
Link: http://www.adobe.com/support/security/bulletins/apsb11-25.html
Http://kb2.adobe.com/cps/915/cpsid_91544.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Adobe
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.adobe.com/support/security/