Adobe addresses potential cross-site scripting vulnerabilities
Input validation errors have been identified in code generated by Dreamweaver and Contribute which could lead to potential cross-site scripting attacks. Only users who have used the Insert Flash Video command in Dreamweaver or Contribute may be vulnerable.
The relevant files that require an update are FLVPlayer_Progressive.swf and FLVPlayer_Streaming.swf.
For existing websites using the existing FLVPlayer_Progressive.swf or FLVPlayer_Streaming.swf component to embed FLV content, site administrators are encouraged to update their site assets with the updated component. These vulnerabilities are remotely exploitable. This update addresses an issue previously described in Security Advisory APSA07-06.