Flash Cross-Site Scripting Attacks

13 June, 2008 at 23:04

Adobe Flash content on numerous web sites contains input validation vulnerabilities. A remote user can conduct cross-site scripting attacks. [Editor’s note: This is not a vulnerability in Flash Player.] Some Adobe Flash content (‘.swf’ files) may not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user’s browser. The code will originate from the site hosting the Adobe Flash content and will run in the security context of that site. As a result, the code will be able to access the target user’s cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Pre-generated SWF files distributed with Adobe Dreamweaver CS3 and Adobe Acrobat Connect are affected. Other SWF files may also be affected.

These vulnerabilities were reported in a pending book by Rich Cannings of Google and Himanshu Dwivedi and Zane Lackey of iSEC Partners.

[Editor’s note: This is not a vulnerability in Flash Player, per se. Because the issues may affect numerous web sites, the issue is reported here so that content creators can analyze their code for input validation flaws.]

Detailed description

Date Issued:

April 15th, 2008

Affected Software and Components:

Camtasia Studio v1, v2, v3, v4, and v5 Flash content, except ExpressShow SWF content, the default in v5, which does not accept external input variables. Camtasia Studio v5.1 resolves this issue and is not affected by the vulnerability.

Vulnerability Description:

If Flash content (for example, SWF files) is created by the above affected software and is embedded in a website, then the website hosting the Flash content may be vulnerable to cross-site scripting attacks. An attacker can submit malicious data to the vulnerable Flash content in order to perform a cross-site scripting attack: when the vulnerable Flash content is viewed by a website visitor, the visitor’s Flash player may take insecure, potentially harmful actions. These actions include modification of website content or sending website information such as cookies to the attacker.

Workarounds or Mitigations:

Customers concerned about creating secure Flash content should upgrade to Camtasia Studio v5.1. Customers concerned about viewing Flash content can upgrade their Flash player. Adobe reports that they have addressed the vulnerability with an update to Flash Player (v9.0.115.0), as explained at the following link: Adobe Security Bulletin

FAQs:

Are any other TechSmith products or services vulnerable?

No. SWF files created by the TechSmith Jing application (www.jingproject.com) are not affected by this vulnerability, since there is no user-controlled input passed to the SWF file. All Camtasia Studio SWF files hosted by TechSmith’s Screencast.com media hosting site, created using any version of Camtasia Studio with any production options, are not affected by this vulnerability. Input parameters passed to the SWF files hosted on Screencast.com are provided by the Screencast.com service, which mitigates this vulnerability. All other TechSmith products do not produce or use SWF files.
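The FAQ above notes that Screencast.com is unaffected because the service, not the visitor, supplies the SWF's input parameters. The following JavaScript is added here and is not part of the TechSmith or SecurityTracker advisories: it contrasts a host page that forwards raw query-string values into FlashVars with one that allowlists and validates each value before the SWF ever sees it. The parameter names `title` and `clip`, and the assumption that the SWF renders `title` through a TextField's htmlText, are hypothetical.

```javascript
// Added example (not from the advisory). Building the FlashVars string for an
// embedded SWF from the page's URL query string. The vulnerable pattern hands
// every parameter to the SWF unchanged; the hardened version keeps only
// allowlisted names, escapes text so htmlText cannot interpret it as markup,
// and drops any "clip" value that is not a same-site relative path.
// Parameter names (title, clip) are hypothetical.

// Vulnerable: whatever is in the query string reaches the SWF untouched.
function buildFlashVarsUnsafe(queryString) {
  const params = new URLSearchParams(queryString);
  const pairs = [];
  for (const [name, value] of params) pairs.push(name + '=' + value);
  return pairs.join('&');
}

// Escape the characters that Flash htmlText treats as markup delimiters.
function escapeForHtmlText(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return value.replace(/[&<>"']/g, (c) => map[c]);
}

// Accept only a relative path such as /media/clip.flv: must start with a
// single "/", no scheme, no protocol-relative "//", no spaces or controls.
function isSafeRelativePath(value) {
  return /^\/(?!\/)[A-Za-z0-9_\-./]*$/.test(value);
}

// Per-parameter policy: text values are escaped, path values are validated
// and dropped (null) if they fail; any parameter not listed is ignored.
const FLASHVAR_POLICY = {
  title: (v) => escapeForHtmlText(v),
  clip: (v) => (isSafeRelativePath(v) ? v : null),
};

// Hardened: allowlisted parameters only, each passed through its policy, then
// URL-encoded so '&' or '=' inside a value cannot split the FlashVars string
// into extra parameters the SWF never expected.
function buildFlashVarsSafe(queryString) {
  const params = new URLSearchParams(queryString);
  const pairs = [];
  for (const name of Object.keys(FLASHVAR_POLICY)) {
    const raw = params.get(name);
    if (raw === null) continue;
    const checked = FLASHVAR_POLICY[name](raw);
    if (checked !== null) pairs.push(name + '=' + encodeURIComponent(checked));
  }
  return pairs.join('&');
}
```

Flash decodes the URL-encoding when it reads FlashVars, so the SWF receives `&lt;b&gt;Hello&lt;/b&gt;` as the title and renders it as literal text rather than markup.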

Related Advisories:

Acknowledgements:

TechSmith would like to thank Rich Cannings of the Google Security Team for reporting this issue to us.

Revisions:

  • This bulletin was first issued on 4/15/08.

What is a Security Bulletin?

A security bulletin is a public statement published by TechSmith to announce the resolution of a security issue, including resources (for example, a patch) to help our customers protect themselves.

[http://securitytracker.com/alerts/2007/Dec/1019141.html]
[http://www.techsmith.com/]