 
|
|
In partnership with:
|
7 January 2008 Flash users hit by cross-site scripting flawKarl Flinders, Computer Weekly The United States Computer Emergency Readiness Team (US-Cert) has reported security vulnerabilities in Flash file code. The problem allows cross-site scripting attacks via websites. US-Cert said there are reported vulnerabilities in Flash (SWF) files that may allow a remote, unauthenticated attacker to conduct cross-site scripting attacks on a vulnerable system. The flaws exist in the way that input is validated when passed to embedded ActionScript and JavaScript in the SWF file. Authoring tools that automatically generate Flash files may introduce these vulnerabilities, said US-Cert. The Flash file problem comes as US-Cert also reports there is exploit code in the wild to take advantage of a flaw in RealPlayer. The exploit reportedly affects RealPlayer 11 build 6.0.14.748. US-Cert will provide more information on this problem at a later date. This article first appeared on the web-site of Computer Weekly, at http://www.computerweekly.com/Articles/2008/01/04/228746/flash-users-hit-by-cross-site-scripting-flaw.htm. © Reed Business Information 2008.
US-Cert: hackers are attacking flaw in Microsoft Access (13 December 2007) Worm attack predicted for Microsoft server service vulnerability (9 July 2006)
|
|
