

Tuesday, January 15, 2008

XSS using Flash is a growing menace

Jeremiah Grossman has alerted the world to a growing menace: XSS (cross-site scripting) using Flash.

Rich Cannings has authored a paper on this, which is freely available: "XSS Vulnerabilities in Common Shockwave Flash Files"

Critical vulnerabilities exist in a large number of widely used web authoring tools that automatically generate Shockwave Flash (SWF) files, such as Adobe® Dreamweaver®, Adobe Acrobat® Connect™ (formerly Macromedia Breeze), InfoSoft FusionCharts, and Techsmith Camtasia. The flaws render websites that host these generated SWF files vulnerable to Cross-Site Scripting (XSS).
