Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

December 2011 Adobe Black Tuesday

Published: 2011-12-13
Last Updated: 2011-12-13 20:55:04 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

As expected, Microsoft wasn't alone with issuing patches today. In addition, Adobe released two bulletins affecting Flex and Cold Fusion. Both bulletins affect developer and server components, not commonly used client software.

APSB11-25: Cross Site Scripting issue in Flex SDK

The Adobe Flex SDK is used to create flash applets for web applications. The vulnerability fixed in this bulletin could lead to cross site scripting problems with these applications.

APSB11-29: Cross Site Scripting in ColdFusion

ColdFusion is a web application platform that may be hosted on Windows, Unix or OS X. This "hot fix" fixes a cross site scripting vulnerability in applications created with ColdFusion.


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: adobe coldfusion flex
1 comment(s)
Diary Archives