Vulnonym.org

CVE-2008-2640 - Pomeranian Blankets

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3 and generated applications allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html (2) express-installation-with-history/history/historyFrame.html or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.

Reference

http://blog.watchfire.com/wfblog/2008/06/javascript-code.html http://www.adobe.com/support/security/bulletins/apsb08-14.html http://www.securityfocus.com/bid/29778 http://securitytracker.com/id?1020301 http://secunia.com/advisories/30746 http://www.vupen.com/english/advisories/2008/1862 https://exchange.xforce.ibmcloud.com/vulnerabilities/43150