-
A downloaded SWF file is considered a "movie" and supposed to be safe. Right ?
But, when you click the SWF file, the standalone flash player comes out and execute fscommand.
There are examples in FlashKit,that using the horizontal tab chr(9) to replace the SPACE, parameters can be passed to the command string.
By this, malicious SWF can do nearly anything, including damages.
By this, I can write an SWF movie with fscommand in frame 2 to command standalone Flash player to delete your C: disk without asking for confirmation.
Is that terrible, or should we be "careful" not to download SWF file that we do not TRUST?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|