Flash Exploitation Database

This database consists of publicly reported Flash web application vulnerabilities and remediation when available. The purpose of this document is to serve as a quick reference of Flash-related web vulnerabilities and to raise awareness for better ActionScript coding practices. All vulnerabilities are due to vendor code and are not directly related to the Adobe Flash plug-in.

Server-side filtering of FlashVars can be bypassed by placing a hash character before the query string (e.g. #?var=val). The browser never sends the fragment portion of a URL to the server, so a server-side filter never sees the injected values and they are interpreted only by the client's browser and the SWF it loads.

Affected Version: Unknown
Vuln. Class: URL Redirection & XSS
CVE: CVE-2003-0208
Bugtraq: 105033712615013
/[Banner Name].swf

Affected Version: Flash MX 2004
Vuln. Class: URL Redirection & XSS
/flash_detection.swf

Affected Version: 2.0.2
Vuln. Class: Content Spoofing & XSS
Remediation: Upgrade to Current Version
CVE: CVE-2008-0438
BID: 27394
SReason: 3571
/[Font Name].swf [Proof of Concept]

Affected Version: r436
Vuln. Class: Content Spoofing & XSS
Remediation: Upgrade to Current Version
CVE: CVE-2011-3641
/[Font Name].swf [Proof of Concept]

Affected Version: 7.1.1 (Optional Patch)
Vuln. Class: Content Spoofing & XSS
Remediation: Apply Optional Patch Provided by Vendor
Vendor Advisory: Security Bulletin 5
OSVDB: 68791
/[Name]_controller.swf [Proof of Concept]

Affected Version: 1.13 - 3.2.8
Vuln. Class: Content Spoofing & XSS
OSVDB: 73803
XFDB: 68526
/FlowPlayer.swf (ver. 1 & 2) [Proof of Concept]
/flowplayer-3.2.8.swf (ver. 3) [Proof of Concept]

Affected Version: 3.1.0 - 4
Vuln. Class: Content Spoofing & XSS
CVE: CVE-2011-3642
/flowplayer-3.2.8.swf [Proof of Concept]
/flowplayer.commercial-3.1.5.swf [Proof of Concept]

Affected Version: 5
Vuln. Class: Content Spoofing & XSS
/flowplayer.swf [Proof of Concept]

Affected Version: 1.6.0
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Original Disclosure: [FULL DISCLOSURE]
XFDB: 69384
OSVDB: 74922
SA: SA45692
CVE: CVE-2011-3644
/player_flv(|classic|_mini|_maxi|_multi).swf [Proof of Concept]

Affected Version: 3
Vuln. Class: Content Spoofing, URL Redirection, & XSS
/mediaplayer.swf [Proof of Concept]

Affected Version: ?-5.8
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Vendor Disclosure: Trac
Vendor Disclosure 2: Trac
XFDB: 67982
BID: 48214
SA: SA44850
CVE: CVE-2011-2413
/player.swf [Proof of Concept]

Affected Version: 5.9-5.10
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Vendor Trac Ticket: Trac
/player.swf [Proof of Concept]

Affected Version: 1.x
Vuln. Class: Content Spoofing & XSS
CVE: CVE-2011-4549
/open-flash-chart.swf [Proof of Concept]

Affected Version: 2.x
Vuln. Class: Content Spoofing & XSS
CVE: CVE-2011-4550
/open-flash-chart.swf [Proof of Concept]

Affected Version: 2.6.3
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Remediation: Domain restricted version available by contacting vendor
CVE: CVE-2012-1302
/ammap.swf [Proof of Concept]
/amtimeline.swf [Proof of Concept]

Affected Version: Flash v1
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Remediation: Domain restricted version available by contacting vendor
CVE: CVE-2012-1303
/ampie.swf [Proof of Concept]
/amline.swf | /amxy.swf | /amcolumn.swf | /amradar.swf [Proof of Concept]
/amstock.swf [Proof of Concept]

Affected Version: 1.21
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Remediation: Upgrade to Current Version
Vendor Advisory: Security Update
CVE: CVE-2009-4169
BID: 37102
/tagcloud.swf | /cumulus.swf [Proof of Concept]

Affected Version: 1.22
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Remediation: Upgrade to Current Version
CVE: CVE-2009-4168
BID: 37100
Original Disclosure: [FULL DISCLOSURE]
Vendor Advisory: Security Update
/tagcloud.swf | /cumulus.swf [Proof of Concept]

Affected Version: 6.0.7
Vuln. Class: Content Spoofing, URL Redirection, & XSS
CVE: CVE-2012-1505
/AnyChart.swf [Proof of Concept]

Affected Version: 3.0.4 (resolved in 3.0.5; version 3.2 remains vulnerable, see the separate entry below)
Vuln. Class: Content Spoofing, URL Redirection, & XSS
Vendor Disclosure: Version History (3.0.5)
CVE: CVE-2008-6060
Cisco: 18124
XFDB: 48577
Affected Files: Charts / Widgets / Maps
Single Series [Proof of Concept]
Multi-Series [Proof of Concept]
XY Plot [Proof of Concept]
Map [Proof of Concept]

Affected Version: 3.2
Vuln. Class: Content Spoofing, URL Redirection, & XSS
CVE: CVE-2012-1504
Affected Files: Charts / Widgets
Single Series: /Line.swf [Proof of Concept]
Multi-Series: /MSLine.swf [Proof of Concept]
XY Plot: /Bubble.swf [Proof of Concept]

Affected Version: 2.1.1
Vuln. Class: Content Spoofing & XSS
CVE: CVE-2012-2228
Remediation: Upgrade to 2.1.2
/Jplayer.swf [Proof of Concept]

Affected Version: 2.2.0.1
Vuln. Class: XSS
Disclosure: Neal Poole Blog
CVE: CVE-2012-2399
/swfupload.swf [Proof of Concept]

Affected Version: WordPress 2.5 - 3.3.1
Vuln. Class: Content Spoofing & XSS
Disclosure: BREAK Security
Disclosure: Full Disclosure Mailing List
/swfupload.swf [Proof of Concept]

Affected Version: 1.1.3
Remediation: Upgrade to Current Version
Vuln. Class: XSS
Disclosure: GitHub Issue
/ZeroClipboard.swf [Proof of Concept]

Affected Version: All GitHub commits before a1a8443b64481f2b7d7a3a80860ebd16ec59192d
Remediation: Upgrade to Current Version
Vuln. Class: XSS
Disclosure: GitHub Issue
/ZeroClipboard.swf [Proof of Concept]