
Wednesday, August 15, 2007

Flash vulnerability reveals open ports

From http://scan.flashsec.org/:

Summary
Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the need to rebind DNS.

You can see a proof of concept at the site, and it's quite interesting to watch. The scan runs from inside your firewalled network, triggered just by browsing the internet.

http://sunbeltblog.blogspot.com/2007/08/flash-vulnerability-reveals-open-ports.html
