This vulnerability allows remote attackers to inject scripts across domains through vulnerable versions of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of scripts injected via Flash’s redirect methods over both the data: and javascript: protocol handlers. Both cases result in the browser incorrectly executing the script code under the context of the redirecting hostname. The flashContentURL parameter to flash_detection.swf is a popular and widespread example of a vulnerable SWF file which can be abused.