Flash files a bit too flash, it seems
A new vulnerability in the way Internet Explorer deals with Macromedia Flash files could leave users open to phishing attacks.
The vulnerability was discovered by a user called Hai Nam Luke and posted on security firm Secunia's list of advisories.
The problem is caused by a 'race condition' in the loading of web content and Macromedia .swf files in browser windows.
Malicious users could exploit this to spoof the address bar in a browser window that displays a Flash file from a malicious website. Secunia ranked the problem as 'moderately critical'.
"The impact of exploitation is reduced because the URL of the malicious Flash file is visible in the title of the browser window," said the security firm in a statement.
The vulnerability has been confirmed on a fully patched system running Internet Explorer 6.0 and Microsoft Windows XP with Service Pack 1 and 2.
Secunia said that other versions of the operating system and browser may also be affected.
A new vulnerability in the way Internet Explorer deals with Macromedia Flash files could leave users open to phishing attacks.
The vulnerability was discovered by a user called Hai Nam Luke and posted on security firm Secunia's list of advisories.
The problem is caused by a 'race condition' in the loading of web content and Macromedia .swf files in browser windows.
Malicious users could exploit this to spoof the address bar in a browser window that displays a Flash file from a malicious website. Secunia ranked the problem as 'moderately critical'.
"The impact of exploitation is reduced because the URL of the malicious Flash file is visible in the title of the browser window," said the security firm in a statement.
The vulnerability has been confirmed on a fully patched system running Internet Explorer 6.0 and Microsoft Windows XP with Service Pack 1 and 2.
Secunia said that other versions of the operating system and browser may also be affected.
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: