Security vulnerability in output of Adobe Flex ASdoc Tool 

Release date: April 14, 2015

Vulnerability identifier: APSB15-08

Priority: See table below

CVE number: CVE-2015-1773

Platform: All Platforms

Summary

An important vulnerability has been identified in the JavaScript output of the ASDoc tool available in Adobe Flex 4.6 and earlier versions.  This vulnerability could lead to reflected cross-site scripting.  Adobe recommends users perform the actions referenced in the "Solutions" section below to remediate this vulnerability.

Affected software versions

  • Adobe Flex 4.6 and earlier versions

Solution

Adobe recommends users follow the steps below to remediate this issue:

  1. Download the index.html file available here
  2. Apply any modifications to the existing index.html file (ex. update the page title)
  3. Deploy the results to the web site

Priority and severity ratings

Adobe categorizes this issue with the following priority rating:

Product Affected versions Platform Priority rating
Adobe Flex 4.6 and earlier
All 3

This bulletin addresses an important vulnerability in the software.

Acknowledgments

Adobe would like to thank Radjnies Bhansingh of Securify BV for reporting this issue.