Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Flash Origin Policy Attack SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Flash Origin Policy Attack

An apparently critical vulnerability in Adobe Flash has been identified that could allow sites with user generated content to attack clients. Adobe has been advised but has not issued an advisory as of yet, and no patch or easy mitigation information is available. It is possible of course to disable Flash entirely, or even selectively using addons and plugins for your browser of choice.The original disclosure is here: http://www.foregroundsecurity.com/flash-origin-policy-issues.html

I would wonder what methods of detecting this exploit exist?

Cheers,
Adrien de Beaupré
EWA-Canada.com


 

I will be teaching next: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques - SANS Europe Pen Test Special 2020

Adrien de Beaupre

353 Posts
ISC Handler
Nov 13th 2009
How do I test if my site is vulnerable to this?
Is there a harmless poc flash file available anywhere?
Anonymous

Sign Up for Free or Log In to start participating in the conversation!