Re: Flash same-origin vulnerability

I don't see much new here -- this is vintage HTML injection, just with "HTML" replaced by "Flash".   (The rest sounds like a few nifty tricks for hiding Flash in other file types; nothing qualitatively new in there, either.)

Cheers,
--
Thomas Roessler, W3C  <tlr@w3.org>

On 13 Nov 2009, at 03:18, noah_mendelsohn@us.ibm.com wrote:

> The article at [1] seems pertinent to our discussions of security. 
> Basically, as I understand it, the vulnerability involves sites that allow 
> a user to upload a file, and which then serve that file back without 
> extensive checking.  When the attack succeeds, it's possible to get a SWF 
> file to execute with the origin context of the site to which you uploaded. 
> That's a bit of an oversimplification.  See [1] for details.
> 
> Noah
> 
> 
> [1] 
> http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html
> 
> --------------------------------------
> Noah Mendelsohn 
> IBM Corporation
> One Rogers Street
> Cambridge, MA 02142
> 1-617-693-4036
> --------------------------------------
> 

Received on Friday, 13 November 2009 09:13:30 UTC
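The mitigation side of the issue discussed above, as an added example that is not part of the original thread or of the linked article: a server accepting user uploads checks that the bytes match an allowlisted type and refuses anything carrying a SWF container header (the real magic bytes are FWS, CWS and ZWS), and then serves stored uploads with headers that prevent inline rendering and content sniffing, from a separate origin. The function names (`inspect_upload`, `safe_serve_headers`, `upload_url`), the allowlist and the `uploads-sandbox.example` host are assumptions made for this example. Because the thread notes that Flash content can be hidden inside other file types, the byte check is treated as a first filter only; the separate origin is what actually keeps a smuggled SWF out of the main site's origin context.

```python
"""Defensive handling of user uploads (added example, not from the thread).

Assumed names: inspect_upload, safe_serve_headers, upload_url.
"""
from typing import Dict, Tuple

# Leading bytes of a SWF container: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")

# Allowlist of types we are willing to store, with the bytes a genuine file of
# that type must start with. Constructed for the example; extend as needed.
ALLOWED_TYPES: Dict[str, Tuple[bytes, ...]] = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "application/pdf": (b"%PDF-",),
}

# Hypothetical throwaway origin that holds no session cookies and no
# crossdomain.xml; a SWF served from here gets this origin, not the site's.
SANDBOX_ORIGIN = "https://uploads-sandbox.example"


def inspect_upload(data: bytes, declared_type: str) -> Tuple[bool, str]:
    """Decide whether an uploaded blob may be stored under declared_type.

    Returns (accepted, reason). Rejects types outside the allowlist, blobs
    whose leading bytes do not match the declared type, and anything that
    opens with a SWF header regardless of what the client claimed.
    """
    if declared_type not in ALLOWED_TYPES:
        return False, "type not on allowlist"
    if data[:3] in SWF_MAGICS:
        return False, "SWF header"
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[declared_type]):
        return False, "magic bytes do not match declared type"
    return True, "ok"


def _safe_filename(name: str) -> str:
    """Strip characters that could break the Content-Disposition header."""
    cleaned = "".join(ch for ch in name if ch.isalnum() or ch in "._-")
    return cleaned or "download"


def safe_serve_headers(filename: str, content_type: str) -> Dict[str, str]:
    """Response headers for serving a stored upload back to a browser.

    Content-Disposition: attachment keeps the browser from rendering the file
    inline; X-Content-Type-Options: nosniff stops the browser from guessing a
    different (possibly active) type from the bytes. content_type must be one
    of the allowlisted values, never the client-supplied string.
    """
    if content_type not in ALLOWED_TYPES:
        raise ValueError("refusing to serve a non-allowlisted type")
    return {
        "Content-Type": content_type,
        "Content-Disposition": 'attachment; filename="%s"' % _safe_filename(filename),
        "X-Content-Type-Options": "nosniff",
        "Cache-Control": "private, no-store",
    }


def upload_url(stored_name: str) -> str:
    """URL under which a stored upload is served: always the sandbox origin."""
    return "%s/%s" % (SANDBOX_ORIGIN, _safe_filename(stored_name))


if __name__ == "__main__":
    # Constructed sample blobs: a PNG prefix, and a zlib-compressed SWF prefix
    # uploaded under an image content type.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    swf = b"CWS\x0a" + b"\x00" * 16
    print(inspect_upload(png, "image/png"))    # (True, 'ok')
    print(inspect_upload(swf, "image/jpeg"))   # (False, 'SWF header')
    print(safe_serve_headers('avatar".png', "image/png"))
    print(upload_url("avatar.png"))
```

The check and the headers are independent layers: `inspect_upload` runs at upload time, `safe_serve_headers` and `upload_url` at download time, so a file that slipped past the byte check is still never rendered inline in the main origin.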