Adobe Flash Player ActiveX control navigateToURL cross-site scripting (Flash_NavigateToURL_XSS)

About this signature or vulnerability

RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network MFS, IBM Security Host Protection for Desktops, Proventia Network IDS, Proventia-G 1.1 and earlier, Virtual Server Protection for Vmware, IBM Security Network Protection, Proventia Network IPS, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Unix):

This signature detects a Shockwave-Flash (.swf) file using the navigateToURL actionScript function that appears to be navigating to a URL having the javascript: protocol.


False positives

RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network MFS, IBM Security Host Protection for Desktops, Proventia Network IDS, Proventia-G 1.1 and earlier, Virtual Server Protection for Vmware, IBM Security Network Protection, Proventia Network IPS, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Unix): This is not necessarily a malicious action and blocking of traffic generating this event is appropriate only after a specific policy decision has been made.

Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

RealSecure Server Sensor: XPU 28.020, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, Proventia Network MFS: XPU 28.020, IBM Security Host Protection for Servers (Windows): 1.0.914.2160, IBM Security Host Protection for Servers (Windows): 2.0.252.2160, IBM Security Host Protection for Desktops: 2160, Proventia Network IDS: XPU 28.020, Proventia-G 1.1 and earlier: XPU 28.020, Virtual Server Protection for Vmware: 1.0, IBM Security Network Protection: 5.1, Proventia Network IPS: XPU 28.020, Proventia Server IPS for Linux technology: 28.020, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

RedHat RHEL Extras: 4.5.z, RedHat RHEL Extras: 4.6.z, Adobe Contribute: 4, Adobe Contribute: CS3, Adobe Flash Player ActiveX control, RedHat RHEL Supplementary: 5.1.z EUS, Adobe Connect Enterprise Server: 6, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Novell SUSE Linux Enterprise Desktop: 10 SP1, Turbolinux Turbolinux: wizpy, Turbolinux Turbolinux: FUJI, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, Adobe Dreamweaver: 9.0, Adobe Dreamweaver: 8.0, Novell OpenSUSE: 10.2, Novell OpenSUSE: 10.3, Sun OpenSolaris: 2008.5 SPARC, Sun OpenSolaris: 2008.5 x86, Sun Solaris: 10 SPARC, Sun Solaris: 10 x86, Novell Linux Desktop: 9, Gentoo Linux, SUSE SuSE Linux: 9.0, Microsoft Internet Explorer

Type

Suspicious Activity

Vulnerability description

An HTTP request containing embedded <script> tags has been detected, which may indicate a cross-site scripting attempt against a Web server or Web application.

How to remove this vulnerability

This check is for informational purposes only.

Ensure that your personal firewall, operating system, and applications are up-to-date in order to minimize the threat of a system compromise.

References

Adobe Product Security Bulletin APSB07-20
Flash Player update available to address security vulnerabilities
http://www.adobe.com/support/security/bulletins/apsb07-20.html

Full-Disclosure Mailing List, Wed, 19 Dec 2007 16:41:51 -0800
CVE-2007-6244: Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability
http://seclists.org/fulldisclosure/2007/Dec/0467.html

Adobe Product Security Bulletin APSB08-01
Update to Dreamweaver and Contribute to address potential cross-site scripting vulnerabilities
http://www.adobe.com/support/security/bulletins/apsb08-01.html

Adobe Product Security Bulletin APSB08-02
Update available for Adobe Connect Enterprise Server cross-site scripting issue
http://www.adobe.com/support/security/bulletins/apsb08-02.html

Sun Alert ID: 238305
Multiple Security Vulnerabilities in Flash Player for Solaris
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238305-1

NORTEL BULLETIN ID: 2008008954, Rev 1
Nortel Response to Sun Alert 238305 - Multiple Security Vulnerabilities in Flash Player for Solaris 10
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=745016

ISS X-Force
Adobe Flash Player ActiveX control navigateToURL cross-site scripting
http://www.iss.net/security_center/static/39131.php

CVE
CVE-2007-6244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6244