|
Full Disclosure
mailing list archives
Re: First case of Cyber Rolling?
From: "Dr. J Swift" <fdiscsplat () gmail com>
Date: Sun, 11 May 2008 17:28:38 -0400
On Sat, May 10, 2008 at 11:03 PM, n3td3v <xploitable () gmail com> wrote:
Scaring people with fullScreen
* Posted by bunnyhero
* 2008 May 10
When Flash Player 9 goes into full screen mode, it pops up a little
security message that tells the user how to exit full screen mode. It
appears as white text on a semi-transparent black background so it is
generally always visible (which is good). Still, I wondered if it
could be obscured.
The message is always on top, so it is impossible to draw over it. But
what if we tried distracting the user from the actual security
message?
Here's a silly test:
Of course, you can press Esc (or alt+tab to another window) to escape.
UPDATE: I have made the source code available, warts and all, under a
ZLib licence. Share and enjoy :)
http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/
Mr. Wallace,
Are you bunnyhero?
Why would you publish this exploit?
Did you contact the affected vendors prior to your publishing this?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
