Flash Exploitation Database

This database consists of publicly reported Flash web application vulnerabilities, with remediation where available. The purpose of this document is to serve as a quick reference for Flash-related web vulnerabilities and to raise awareness of better ActionScript coding practices. All vulnerabilities listed are due to vendor code and are not directly related to the Adobe Flash plug-in.

Server-side filtering of FlashVars can be bypassed by placing a hash character before the query string (#?var=val): the fragment is never sent to the server, so the injected parameters are interpreted only by the client's browser and Flash player.

* Fixed in Flash player 11.2 *

Affected Version: Unknown
Vuln. Class: URL Redirection & XSS
CVE: CVE-2003-0208
Bugtraq: 105033712615013
/[Banner Name].swf

Affected Version: Flash MX 2004
Vuln. Class: URL Redirection & XSS
/flash_detection.swf

Affected Version: 2.0.2
Vuln. Class: Content Spoofing & XSS
Remediation: Upgrade to Current Version
CVE: CVE-2008-0438
BID: 27394
SReason: 3571
[Font Name].swf

Affected Version: r436
Vuln. Class: Content Spoofing & XSS
Remediation: Upgrade to Current Version
CVE: CVE-2011-3641
/[Font Name].swf

Affected Version: 7.1.1 (Optional Patch)
Vuln. Class: Content Spoofing & XSS
Remediation: Apply Optional Patch Provided by Vendor
Vendor Advisory: Security Bulletin 5
OSVDB: 68791
/[Name]_controller.swf

Affected Version: 1.13 - 3.1.0
Vuln. Class: Content Spoofing & XSS
OSVDB: 73803
XFDB: 68526
/FlowPlayer.swf (ver. 1 & 2) | /flowplayer-3.2.8.swf (ver. 3)

Affected Version: 3.1.0 - 3.2.18
Vuln. Class: Content Spoofing & XSS
CVE: CVE-2011-3642
/flowplayer-3.2.8.swf /flowplayer.commercial-3.1.5.swf

Affected Version: 4 - 5.4.2
Vuln. Class: Content Spoofing & XSS
/FlowPlayer.swf

Affected Version: 5
Vuln. Class: Content Spoofing & XSS
/flowplayer.swf

Affected Version: 1.6.0
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Original Disclosure: [FULL DISCLOSURE]
XFDB: 69384
OSVDB: 74922
SA: SA45692
CVE: CVE-2011-3644
/player_flv(|classic|_mini|_maxi|_multi).swf

Affected Version: 3
Vuln. Class: Content Spoofing, URL Redirection, & XSS
/mediaplayer.swf

Affected Version: ?-5.8
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Vendor Disclosure: Trac
Vendor Disclosure 2: Trac
XFDB: 67982
BID: 48214
SA: SA44850
CVE: CVE-2011-2413
/player.swf

Affected Version: 5.9-5.10
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Vendor Trac Ticket: Trac
/player.swf

Affected Version: 1.x
Vuln. Class: Content Spoofing & XSS
CVE: CVE-2011-4549
/open-flash-chart.swf

Affected Version: 2.x
Vuln. Class: Content Spoofing & XSS
CVE: CVE-2011-4550
/open-flash-chart.swf

Affected Version: 2.6.3
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Remediation: Domain restricted version available by contacting vendor
CVE: CVE-2012-1302
/ammap.swf /amtimeline.swf

Affected Version: Flash v1
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Remediation: Domain restricted version available by contacting vendor
CVE: CVE-2012-1303
/ampie.swf | /amline.swf | /amxy.swf | /amcolumn.swf | /amradar.swf | /amstock.swf

Affected Version: 1.21
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Remediation: Upgrade to Current Version
Vendor Advisory: Security Update
CVE: CVE-2009-4169
BID: 37102
/tagcloud.swf | /cumulus.swf

Affected Version: 1.22
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Remediation: Upgrade to Current Version
CVE: CVE-2009-4168
BID: 37100
Original Disclosure: [FULL DISCLOSURE]
Vendor Advisory: Security Update
/tagcloud.swf | /cumulus.swf

Affected Version: 6.0.7
Vuln. Class: Content Spoofing, URL Redirection, & XSS
CVE: CVE-2012-1505
/AnyChart.swf

Affected Version: 3.0.4, issue resolved in 3.0.5 however remains vulnerable in 3.2
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Vendor Disclosure: Version History (3.0.5)
CVE: CVE-2008-6060
Cisco: 18124
XFDB: 48577
Affected Files: Charts / Widgets / Maps
Single Series Multi-Series XY Plot Map

Affected Version: 3.2
Vuln. Class: Content Spoofing, URL Redirection, & XSS
CVE: CVE-2012-1504
Affected Files: Charts / Widgets
Single Series: /Line.swf Multi-Series: /MSLine.swf XY Plot: /Bubble.swf

Affected Version: 2.1.1
Vuln. Class: Content Spoofing & XSS
CVE: CVE-2012-2228
Resolution: 2.1.2
/Jplayer.swf

Affected Version: 2.2.0.1
Vuln. Class: XSS
Disclosure: Neal Poole Blog
CVE: CVE-2012-2399
/swfupload.swf

Affected Version: WordPress 2.5 - 3.3.1
Vuln. Class: Content Spoofing & XSS
Disclosure: BREAK Security
Disclosure: Full Disclosure Mailing List
/swfupload.swf

Affected Version: 1.1.3
Remediation: Upgrade to Current Version
Vuln. Class: XSS
Disclosure: GitHub Issue
/ZeroClipboard.swf

Affected Version: GitHub Commit before a1a8443b64481f2b7d7a3a80860ebd16ec59192d
Remediation: Upgrade to Current Version
Vuln. Class: XSS
Disclosure: GitHub Issue
/ZeroClipboard.swf