Flash Scripting Security Issue
See it in Flashmagazine.com
Thanks to the guys at Flashmagazine for pointing this out.
The problem comes from SWF content's ability to execute JavaScript commands, and it affects every web site that allows users to include or upload their own SWF content.
A typical abuse of this security fault would be for a malicious user to include a seemingly innocent SWF signature that could, at the same time, transfer data such as cookies from every single user viewing the page with the included SWF.
Macromedia has announced that a new Flash 6 player will be made available in July that will address the security issue with a new EMBED/PARAM parameter. The parameter will allow web sites to turn off any outbound scripting (ActionScript getURL() actions that specify a scripting statement) when displaying SWF content.
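One way a site that accepts user SWF content could apply such a parameter, as an added example that is not code from Flashmagazine or Macromedia. It assumes the parameter is the one Flash Player documents as allowScriptAccess (this page does not name it); renderUserSwf, escapeAttr, clamp and the 500-pixel limit are hypothetical.

```javascript
// Added example: the site builds the OBJECT/EMBED markup itself instead of
// echoing markup typed by the user, so the user cannot omit or override
// the scripting restriction.
// Assumption: the parameter is allowScriptAccess, and "never" stops
// getURL() actions that specify a scripting statement from running.

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Keep user-chosen dimensions within a site-defined limit (hypothetical).
function clamp(value, max) {
  return Math.min(Math.max(parseInt(value, 10) || 1, 1), max);
}

// Returns markup for a user-submitted SWF URL, or null when the URL is
// malformed or not plain http(s). Only the URL and the dimensions come
// from the user; every other attribute is fixed by the site.
function renderUserSwf(rawUrl, width, height) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;

  const src = escapeAttr(url.href);
  const w = clamp(width, 500);
  const h = clamp(height, 500);
  return [
    `<object type="application/x-shockwave-flash" data="${src}" width="${w}" height="${h}">`,
    `  <param name="movie" value="${src}">`,
    `  <param name="allowScriptAccess" value="never">`,
    `  <embed type="application/x-shockwave-flash" src="${src}" width="${w}" height="${h}" allowScriptAccess="never">`,
    `</object>`,
  ].join("\n");
}
```

The restriction is set in both the PARAM and the EMBED form because browsers of the period read one or the other.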