YUI is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
YUI 2.4.0 through 2.9.0 are vulnerable.
Information
CVE-2012-5882
CVE-2012-5883
VBulletin vBulletin Publishing Suite 4.1.9
VBulletin vBulletin Publishing Suite 4.1.5
VBulletin vBulletin Publishing Suite 4.1.4
VBulletin vBulletin Publishing Suite 4.1.3
VBulletin vBulletin Publishing Suite 4.1.5 PL1
VBulletin vBulletin Publishing Suite 4.1.4 PL3
VBulletin vBulletin Publishing Suite 4.1.3 PL3
VBulletin vBulletin Publishing Suite 4.1.2 PL1
VBulletin vBulletin Publishing Suite 4.1.2
VBulletin vBulletin Publishing Suite 4.1.12 PL1
VBulletin vBulletin Publishing Suite 4.1.12
VBulletin vBulletin Publishing Suite 4.1.1 PL1
VBulletin vBulletin Publishing Suite 4.1.0 PL3
VBulletin vBulletin Publishing Suite 4.0.8 PL3
VBulletin vBulletin Publishing Suite 4.0.7 PL1
VBulletin vBulletin Publishing Suite 4.0.6 PL1
VBulletin vBulletin Publishing Suite 4.0.5 PL1
VBulletin vBulletin Publishing Suite 4.0.4 PL2
VBulletin vBulletin Publishing Suite 4.0.3 PL2
VBulletin vBulletin Publishing Suite 4.0.2 PL5
VBulletin vBulletin Publishing Suite 4.0.1 PL1
VBulletin vBulletin Publishing Suite 4.0.0 PL2
VBulletin VBulletin 4.1.12 PL2
VBulletin VBulletin 4.1.12
VBulletin VBulletin 4.1.10
VBulletin VBulletin 4.1.7
VBulletin VBulletin 4.1.5
VBulletin VBulletin 4.1.4
VBulletin VBulletin 4.0.2
VBulletin VBulletin 4.0.1
VBulletin VBulletin 4.0 PL 1
VBulletin VBulletin 4.2
VBulletin VBulletin 4.1.5 PL1
VBulletin VBulletin 4.1.4 PL3
VBulletin VBulletin 4.1.3 PL3
VBulletin VBulletin 4.1.3 PL1
VBulletin VBulletin 4.1.3
VBulletin VBulletin 4.1.2 PL1
VBulletin VBulletin 4.1.11
VBulletin VBulletin 4.1.1 PL1
VBulletin VBulletin 4.1.0 PL3
VBulletin VBulletin 4.0.8 PL3
VBulletin VBulletin 4.0.8
VBulletin VBulletin 4.0.7 PL1
VBulletin VBulletin 4.0.6 PL1
VBulletin VBulletin 4.0.5 PL1
VBulletin VBulletin 4.0.4 PL2
VBulletin VBulletin 4.0.3 PL2
VBulletin VBulletin 4.0.2 PL5
VBulletin VBulletin 4.0.2 PL 4
VBulletin VBulletin 4.0.2 PL 3
VBulletin VBulletin 4.0.2 PL 2
VBulletin VBulletin 4.0.1 PL1
VBulletin VBulletin 4.0.0 PL2
Oracle Utilities Framework 4.3.0.3.0
Oracle Utilities Framework 4.3.0.2.0
Oracle Utilities Framework 4.3.0.1.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 4.2.0.1.0
Oracle Utilities Framework 4.1.0.2.0
Oracle Utilities Framework 4.1.0.1.0
Oracle Utilities Framework 2.2.0.0.0
Mozilla Bugzilla 4.1.3
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.0.5
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.2.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.0.8
Mozilla Bugzilla 4.0.7
Mozilla Bugzilla 4.0.6
Mozilla Bugzilla 3.7.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.1
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.1.8
Moodle Moodle 2.1.7
Moodle Moodle 2.1.6
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 1.9.18
Moodle Moodle 1.9.17
Moodle Moodle 1.9.16
Moodle Moodle 1.9.14
Moodle Moodle 1.9.13
Moodle Moodle 1.9.12
Moodle Moodle 1.9.11
Moodle Moodle 1.9.10
Moodle moodle 1.9.9
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
Moodle Moodle 1.9.6
Moodle Moodle 1.9.5
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 2.3
Moodle Moodle 2.2
Moodle Moodle 2.1.3
Moodle Moodle 2.1
Moodle Moodle 1.9.3
Moodle Moodle 1.9.2
Moodle Moodle 1.9.15
Moodle Moodle 1.9
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
VBulletin vBulletin Publishing Suite 4.2 PL3
VBulletin VBulletin 4.1.12 PL3
VBulletin VBulletin 4.2 PL3
Mozilla Bugzilla 4.2.4
Mozilla Bugzilla 4.0.9
Mozilla Bugzilla 4.4rc1
Moodle Moodle 2.3.3
Moodle Moodle 2.2.6
Moodle Moodle 2.1.9
Exploit
An attacker can exploit these issues through a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
References:
- MSA-12-0060: Cross-site scripting vulnerability in YUI2 (moodle)
- Security Announcement: SWF Vulnerability in YUI 2 (YUI Blog)
- YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A S (oss-security)
- YUI Security Bulletin: Addressing a Vulnerability in YUI 2.4.0 through YUI 2.9.0 (Yahoo!)
- 4.3.3, 4.2.3, 4.0.8, and 3.6.11 Security Advisory (Mozilla)
- Oracle Critical Patch Update Advisory - April 2017 (Oracle)
- vBulletin 4 Security Patch for Potential Yahoo! User Interface Library Exploit (vBulletin)