Flash exploit overwrites clipboard, affects all browsers

11:04 AM on August 20, 2008

Users of less-popular browsers can be overwhelmed by smugness when a particularly nasty security hole appears in Internet Explorer. Few must be laughing about this latest one, though. ZDNet has the scoop on a new exploit in Flash banners that targets users of Windows, Mac, and Linux systems running IE, Firefox, and Safari.

According to testimony from a Mac OS X user, the exploit overwrites the clipboard with a malicious URL. That can lead some folks to unknowingly spam the link, potentially leading others into harm's way. The testimony claims Flash banners harboring the exploit show up on sites linked from the Digg front page, so this problem could be widespread.

For a (safe) look at the exploit in action, ZDNet links a proof-of-concept demo put together by security researcher Aviv Raff. The demo page looks innocuous, but it quietly overwrites the clipboard with "http://www.evil.com." When we ran the demo with both Firefox 3.0.1 and Opera 9.51, we had to close the browser before being able to copy anything else. Nasty.
