Welcome to WebmasterWorld Guest from 54.226.147.190

Forum Moderators: open

Message Too Old, No Replies

Adobe/Flash XSS exploit still not fixed

...even after 16 months warning regarding swf files

     

tangor

3:58 am on May 14, 2009 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



More than 16 months after researchers warned that critical vulnerabilities in Adobe Flash files leave websites vulnerable to phishing and other serious attacks, a wide array of pages - some hosted on Adobe.com itself - remain vulnerable.

The problem stems from buggy SWF files that generate banner ads and other animated content. In December 2007, a team of researchers discovered the files could be exploited by attackers to tamper with websites belonging to banks, government agencies and other trusted organizations. Over the next few months, the researchers repeatedly warned webmasters the problem would be difficult to fix, because it would require potentially millions of graphics files to be regenerated, often from scratch.

As reported at The Register

[theregister.co.uk...]

 

Featured Threads

Hot Threads This Week

Hot Threads This Month