Will Adobe ever fix its XSS bug?

May 14, 2009 - 7:59am | Fraud | News

More than 16 months after researchers warned about critical vulnerabilities in Adobe Flash, a wide array of pages remain vulnerable.

The problem has been traced to buggy SWF files, the Adobe Flash files that generate banner ads and other animated content. A team of researchers said they had discovered that attackers could exploit the files to interfere with websites belonging to banks, government agencies and other trusted organizations. Moreover, the researchers have repeatedly warned webmasters that the problem would be difficult to fix, as it required potentially millions of graphics files to be regenerated.

Today, the website XSSed shows that even Adobe.com has failed to contain the offending SWF files, along with some other offenders such as Marfin Egnatia Bank and Greek electronics vendor Plaiso.gr. Jeff Williams, CEO of Aspect Security, a web application security firm, said, "Anyone who includes one of those ads in their site is now susceptible to cross-site scripting and some other things."

Specialists say one reason the vulnerability is difficult to fix is that it requires multiple steps, such as patching the application webmasters used to render the SWF files and examining every file hosted on their website.




