History

Flash as attach transport Vehicle

URI Schema issue

The Flash Player usually issues a user query (pop-up) when ActionGetURL2 references some remote location. However, it has been observed that, at least when locally opening SWF files, other schemata are not causing a user query. Example: foottp://some/location/that/may/overflow/ directly fires the browser without any user intervention. This could be used to target vulnerable URI schema handlers on the victim's system.

Also available in: HTML TXT