CVE-2013-2204

Name of the Vulnerable Software and Affected Versions Moxiecode moxieplayer versions prior to 3.5.2

Description The issue allows remote attackers to pass arbitrary parameters to a Flash application and conduct content-spoofing attacks by crafting a string after a ? (question mark) character, due to the failure to consider the presence of a # (pound sign) character during extraction of the QUERY STRING.

Recommendations For versions prior to 3.5.2, update to version 3.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Flash application to minimize the risk of exploitation. Avoid using the QUERY STRING parameter in the affected application until the issue is resolved.