Friday, December 16, 2005

Cross-Site Scripting DOS Vulnerability in Macromedia Flash

During the normal development of web pages I was listening to one of my new favorite places. I loaded the main web page from Tahitian Noni International and therefore had two flash audio files going on at the same time. One was the music from Pandora, the other the drum loop from the TNI website introduction flash. When the drum loop on the TNI website finished (it only loops for 20 seconds or so), my Pandora music stream also stopped.

I thought this was odd. I talked to the developer who programmed the flash file for TNI and he said that he used the ActionScript function stopAllSound() at the end of his drum loop clip. This stopped all the sound not only in the flash in that page, but also in another page in another browser window loaded from a completely different site.

This constitutes a Cross-Site Scripting Denial Of Service vulnerability. So if you want to stop any annoying flash audio that automatically plays, just create a flash movie that does nothing but call stopAllSound(), wait for a second, and loop, then load it into another browser window.

This was tested with the Flash 8,0,22,0 plug-in on Windows XP (fully patched to the 13 Dec. 2005 patch) in Firefox 1.5 and Internet Explorer 6.0. It also occurred in the Flash 7,0,25,0 plug-in on Fedora Core 4 in Firefox 1.0.7.

It looks like this vulnerability has been around for a long time. I couldn't find anything in bugtraq about it. It is not as big of a vulnerability as remote code execution, script injection, or complete DOS.

