News & Media
Become a member »
» Malicious Flash Sites Taking Over the Clipboard
Malicious Flash Sites Taking Over the Clipboard
03 September 2008
Click here for printable version
Through the use of the setClipboard() function in Flash, attackers are writing malicious URL's to the viewers clipboard in order to lead them to other malicious sites.
Whilst this is not a vulnerability as such, it demonstrates how legitimate functions can be used in ways not intended in order to compromise a user's machine.
This is a good point for developers: what assumptions are you making about the way code you write will be used?
In order to be exploited by this you would need to visit a site hosting a malicious Flash file (SWF). The SWF would then copy a URL to your clipboard which if you pasted into the address browser would take you to the intended site.
You often see advice on copying and pasting URLs into a browser, especially if it is one you have received in an email (due to attackers hiding the true URL through html code). This exploit shows that you must be vigilate in every step you take.
Comments? Click here