Malicious Flash Sites Taking Over the Clipboard
Date: 03 September 2008
Through the use of the setClipboard() function in Flash, attackers are writing malicious URLs to the viewer's clipboard in order to lead them to other malicious sites.
Whilst this is not a vulnerability as such, it demonstrates how legitimate functions can be used in ways not intended in order to compromise a user's machine.
This is a good point for developers: what assumptions are you making about the way code you write will be used?
In order to be exploited by this, you would need to visit a site hosting a malicious Flash file (SWF). The SWF would then copy a URL to your clipboard which, if you pasted it into the browser's address bar, would take you to the attacker's intended site.
You often see advice on copying and pasting URLs into a browser, especially for a URL you have received in an email (due to attackers hiding the true URL through HTML code). This exploit shows that you must be vigilant in every step you take.
Paul
http://www.auscert.org.au/render.html?cid=1920&it=9784