BID 24856 - Flash Player SWF Vulnerability

Stefano Di Paola, Elia Florio and Giorgio Fedon have discovered a quite serious vulnerability in Adobe's Flash Player. If you haven't heard about it, let me tell you something: "It is big". Read more about the vulnerability here and here.

The video above was assembled by the Symantec guys. It shows working examples for Firefox on Windows, Safari on Mac OS and Opera on the Wii. Demonstration exploit code is available from SecurityFocus.

I met Stefano and Giorgio at OWASP in Italy and they are a couple of really good guys. Actually, I sort of knew that something was going on behind the scenes, since Stefano was digging into the FLV format at the time. His presentation on XSS in Flash was really good. Please check it out here.

So how bad is this vulnerability? I must say that it is pretty bad. Notice that the exploit runs straight from YouTube.