Adobe Flash Player ActiveX control navigateToURL cross-site scripting (Flash_NavigateToURL_XSS)

About this signature or vulnerability

RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network MFS, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network IPS, IBM Security Host Protection for Desktops, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology, IBM Security Network Protection, IBM Security Host Protection for Servers (Unix):

This signature detects a Shockwave-Flash (.swf) file using the navigateToURL actionScript function that appears to be navigating to a URL having the javascript: protocol.


False positives

RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network MFS, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network IPS, IBM Security Host Protection for Desktops, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology, IBM Security Network Protection, IBM Security Host Protection for Servers (Unix): This is not necessarily a malicious action and blocking of traffic generating this event is appropriate only after a specific policy decision has been made.

Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

RealSecure Server Sensor: XPU 28.020, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, Proventia Network MFS: XPU 28.020, IBM Security Host Protection for Servers (Windows): 1.0.914.2160, IBM Security Host Protection for Servers (Windows): 2.0.252.2160, Proventia Network IDS: XPU 28.020, Proventia-G 1.1 and earlier: XPU 28.020, Proventia Network IPS: XPU 28.020, IBM Security Host Protection for Desktops: 2160, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 28.020, IBM Security Network Protection: 5.1, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

RedHat RHEL Extras: 4.6.z, RedHat RHEL Extras: 4.5.z, Adobe Contribute: 4, Adobe Contribute: CS3, Adobe Flash Player ActiveX control, RedHat RHEL Supplementary: 5.1.z EUS, Adobe Connect Enterprise Server: 6, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Novell SUSE Linux Enterprise Desktop: 10 SP1, Turbolinux Turbolinux: wizpy, Turbolinux Turbolinux: FUJI, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, Adobe Dreamweaver: 9.0, Adobe Dreamweaver: 8.0, Novell OpenSUSE: 10.2, Novell OpenSUSE: 10.3, Sun OpenSolaris: 2008.5 SPARC, Sun OpenSolaris: 2008.5 x86, Sun Solaris: 10 x86, Sun Solaris: 10 SPARC, Novell Linux Desktop: 9, Gentoo Linux, SUSE SuSE Linux: 9.0, Microsoft Internet Explorer

Type

Suspicious Activity

Vulnerability description

An HTTP request containing embedded <script> tags has been detected, which may indicate a cross-site scripting attempt against a Web server or Web application.

How to remove this vulnerability

This check is for informational purposes only.

Ensure that your personal firewall, operating system, and applications are up-to-date in order to minimize the threat of a system compromise.

References

Adobe Product Security Bulletin APSB07-20
Flash Player update available to address security vulnerabilities
http://www.adobe.com/support/security/bulletins/apsb07-20.html

Full-Disclosure Mailing List, Wed, 19 Dec 2007 16:41:51 -0800
CVE-2007-6244: Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability
http://seclists.org/fulldisclosure/2007/Dec/0467.html

Adobe Product Security Bulletin APSB08-01
Update to Dreamweaver and Contribute to address potential cross-site scripting vulnerabilities
http://www.adobe.com/support/security/bulletins/apsb08-01.html

Adobe Product Security Bulletin APSB08-02
Update available for Adobe Connect Enterprise Server cross-site scripting issue
http://www.adobe.com/support/security/bulletins/apsb08-02.html

Sun Alert ID: 238305
Multiple Security Vulnerabilities in Flash Player for Solaris
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238305-1

NORTEL BULLETIN ID: 2008008954, Rev 1
Nortel Response to Sun Alert 238305 - Multiple Security Vulnerabilities in Flash Player for Solaris 10
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=745016

ISS X-Force
Adobe Flash Player ActiveX control navigateToURL cross-site scripting
http://www.iss.net/security_center/static/39131.php

CVE
CVE-2007-6244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6244