Rich Cannings

**Name of the Vulnerable Software and Affected Versions** FusionCharts (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability in ActionScript within arbitrary Shockwave Flash (SWF) files created by InfoSoft FusionCharts. This allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the `dataURL` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions 8.0.0 through 8.0.35.0 Adobe Flash Player versions 9.0.0 through 9.0.48.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via a SWF file that uses the `asfunction:` protocol or the `navigateToURL` function when used with the Flash Player ActiveX Control in Internet Explorer. **Recommendations** For Adobe Flash Player versions 8.0.0 through 8.0.35.0, update to a version later than 8.0.35.0 to resolve the issue. For Adobe Flash Player versions 9.0.0 through 9.0.48.0, update to a version later than 9.0.48.0 to resolve the issue. As a temporary workaround, consider disabling the use of the `asfunction:` protocol and the `navigateToURL` function in the Flash Player ActiveX Control until a patch is available.