Flash Player Cross Server Scripting Security Issue

As reported on the 5th of June 2002 in a paper from Eyes On Security (Bypassing JavaScript Filters – the Flash! Attack), Flash SWF content can allow malicious users of web sites that allow users to upload or include SWF content to get access to information (cookies, etc.) that they aren’t supposed to have access to. Today Macromedia has released a security tech note about the issue: Macromedia: MPSB02-08 – Macromedia Flash Player Cross Server Scripting Security Issue. It describes the problem in detail, and most interestingly offers a solution […]

Flash Cross-site scripting attack

Eyes On Security has released a warning about cross-site scripting attacks made possible on sites that allow uploadable files: Bypassing JavaScript Filters – the Flash way. Basically, if you have a forum or pages where you allow users to upload files, the user will still be able to execute JavaScript through the SWF file, even if posting of JavaScript is disabled in the forum/on the pages. Allowing JavaScript execution allows malicious users to catch other users’ cookies from the domain where the file is placed. The solution? Not allowing SWF

Opera not so safe after all

Opera is a browser that I have often mentioned whenever vulnerabilities in Internet Explorer have been published (which happens a lot more often than I comment on it, but that’s a digression). But all was not good in the paradise of the Opera browser, I found out today. The Register writes: vulnerability in Opera 6.01 and 6.02 for Windows allows a malicious Web site to grab any file off a client’s local drive with ease, GreyMagic Software has discovered. That’s the bad news. The good news is that affects only

More Internet Explorer vulnerabilities

If you are a Windows/Internet Explorer user, please pay attention. Quote from the Technote: Impact of vulnerability: Six new vulnerabilities, the most serious of which could allow code of attacker’s choice to run. Solution? Get the 2 MB security fix from Microsoft or get the fastest browser on earth (Opera). It’s also a good browser to try if you are on Linux or Mac.

ActiveX flaw exposes Flash users to hacks

Via Flazoom: ActiveX flaw exposes Flash users to hacks. ZDNet writes about a buffer overflow vulnerability in the previous version of the Flash 6 player (revision 23). The overflow allows for attacks via some HTML e-mail clients and when visiting malicious web sites. The problem only exists for Internet Explorer on the Windows platform. If you haven’t already, it’s a good idea to update to the latest version of the Flash 6 player – the update fixes the overflow vulnerability, and also fixes some other serious bugs in the Flash

More security problems found in IE

If you are using Internet Explorer as your browser, using the back button could expose you to malicious code. Microsoft’s reaction? «because the proposed exploit scenario is dependent upon specific user interaction as a prerequisite, it does not meet our definition of a security vulnerability.» Another Big MS Browser Hole Found. The security fix? Switch to Opera today.
