The United States Computer Emergency Readiness Team (US-Cert) has
reported security vulnerabilities in Flash file code.
The problem allows cross-site scripting attacks via websites.
US-Cert said there are reported vulnerabilities in Flash (SWF)
files that may allow a remote, unauthenticated attacker to conduct
cross-site scripting attacks on a vulnerable system.
The flaws exist in the way that input is validated when passed
to embedded ActionScript and JavaScript in the SWF file. Authoring
tools that automatically generate Flash files may introduce these
vulnerabilities, said US-Cert.
The Flash file problem comes as US-Cert also reports there is
exploit code in the wild to take advantage of a flaw in RealPlayer.
The exploit reportedly affects RealPlayer 11 build 6.0.14.748.
US-Cert will provide more information on this problem at a later
date.