Adobe Repairs XSS Flaws in Shockwave Flash Files

On January 16, 2008, Adobe issued two security patches to safeguard affected systems from XSS or cross-site scripting attacks.

The productivity software vendor based in San Jose, Calif., patched flaws in Connect Enterprise Server 6, Contribute 4 and CS3, and Dreamweaver editions 8 and CS3 to repair bugs that could help launch XSS attacks on users' computers.

The vulnerability, which arises from input validation faults in Contribute and Dreamweaver, affects systems that have the Insert Flash Video command deployed.

Adobe credited Rich Cannings, Security Researcher at Google, for reporting the flaws that are present in websites' .SWF, i.e., Shockwave Flash files.

Cannings posted details of the threats in a public Google Docs file this month (January 2008), warning that a number of web-authoring applications insert flawed ActionScript code into .SWF files. He said that hacking queries in Google could expose lakhs of flawed .SWF files, affecting important websites on the Internet. InformationWeek reported this on January 18, 2008.

Cannings wrote in his post that it is possible to launch cross-site scripting attacks by exploiting these .SWF files. InformationWeek.com noted this on January 18, 2008.

Cannings further explained that if a web application has an XSS flaw and an attacker entices a user of that application to click a link, the attacker can compromise the user's session in that web application.

Cannings noted that the attacker could use JavaScript to carry out actions that appear to come from the user, for instance performing an online banking transaction. The attacker could also change the appearance of a website the user visits, as in a phishing attack.

Jeremiah Grossman, Chief Technology Officer at WhiteHat Security, told SCMagazine on January 17, 2008, that XSS is currently the most prevalent type of flaw on the web.

A website named XSSed.com, which publishes a catalogue of XSS flaws reported in various websites, shows XSS vulnerabilities reported in several high-profile domains such as google.com, yahoo.com, msn.com, and youtube.com. While some of these flaws have been repaired, others are still awaiting a fix.


» SPAMfighter News - 30-01-2008
