Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Flash Origin Policy Attack

Published: 2009-11-13
Last Updated: 2011-01-25 00:01:35 UTC
by Adrien de Beaupre (Version: 2)
1 comment(s)

An apparently critical vulnerability in Adobe Flash has been identified that could allow sites with user generated content to attack clients. Adobe has been advised but has not issued an advisory as of yet, and no patch or easy mitigation information is available. It is possible of course to disable Flash entirely, or even selectively using addons and plugins for your browser of choice.The original disclosure is here: http://www.foregroundsecurity.com/flash-origin-policy-issues.html

I would wonder what methods of detecting this exploit exist?

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

 

1 comment(s)
Diary Archives