User Privilege Gain using Flash Active X Flaw ??!
Listen to this article
:: Talkr
Most of you would have noticed that my site was down for almost two weeks without any notice. When I checked with my service provider he goes "We have received complaints from our data center that your site is causing some serious security violation" and when I dug into this further he says that a Flash file was being used to compromise the system. Holy crap!! What the hell are you saying? I knew that there was a Active X flaw in Flash Player earlier which gives the ability to do a buffer overflow hack (whatever that means) but I have only read about such things in Wired magazine and have never even done anything close to that.
After hours (or should I say days) of investigation I was told that the file in question was the example SWF which I posted for this entry in my blog. The file is a very simple example which uses the ContextMenu API to open a link in a new window and how could that possibly cause a security violation and that too of this intense a nature.
This was the message which I got from my service provider:
------------------------------------------------------------------------------------------------------
From: xxxxxx
Sent: 09 November 2006 18:11
To: xxxxxxxxxxx
Subject: SNORT ALERT: 1 in Application:snort:ALERT
--------------------------------------------------------------------------------
EVENT #
353
EVENT LOG
Application
EVENT TYPE
Information
SOURCE
snort
EVENT ID
1
COMPUTERNAME
xxxxx
TIME
11/9/2006 6:11:16 PM
MESSAGE
[1:7978:2] WEB-CLIENT ShockwaveFlash.ShockwaveFlash ActiveX CLSID access [Classification: Attempted User Privilege Gain] [Priority: 1]: {TCP} xx.xx.xxx.xxx:xx -> xxx.xxx.x.xx:xxxx
Does anyone out there have any clue of what had gone wrong? This is the first time in my life I am hearing of anything like this. Believe me I was almost feeling like I am in a deep trouble for nothing. Finally I removed three SWF’s from my site which I suspected to be the troublemakers and got my site to life again. Will someone from Adobe care to look into this?