Full Disclosure mailing list archives
Re: First case of Cyber Rolling?
From: "Dr. J Swift" <fdiscsplat () gmail com>
Date: Sun, 11 May 2008 17:28:38 -0400
On Sat, May 10, 2008 at 11:03 PM, n3td3v <xploitable () gmail com> wrote:
Scaring people with fullScreen
* Posted by bunnyhero
* 2008 May 10
When Flash Player 9 goes into full screen mode, it pops up a little
security message that tells the user how to exit full screen mode. It
appears as white text on a semi-transparent black background so it is
generally always visible (which is good). Still, I wondered if it
could be obscured.
The message is always on top, so it is impossible to draw over it. But
what if we tried distracting the user from the actual security
message?
Here's a silly test:
Of course, you can press Esc (or alt+tab to another window) to escape.
UPDATE: I have made the source code available, warts and all, under a
ZLib licence. Share and enjoy :)
http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/
Mr. Wallace, Are you bunnyhero? Why would you publish this exploit? Did you contact the affected vendors prior to your publishing this? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- First case of Cyber Rolling? n3td3v (May 10)
- Re: First case of Cyber Rolling? Dr. J Swift (May 11)
- Re: First case of Cyber Rolling? Ureleet (May 12)
- Re: First case of Cyber Rolling? Dr. J Swift (May 11)