[Full-disclosure] First case of Cyber Rolling?

Dr. J Swift fdiscsplat at gmail.com
Sun May 11 22:28:38 BST 2008


On Sat, May 10, 2008 at 11:03 PM, n3td3v <xploitable at gmail.com> wrote:
> Scaring people with fullScreen
>
>     * Posted by bunnyhero
>     * 2008 May 10
>
>  When Flash Player 9 goes into full screen mode, it pops up a little
>  security message that tells the user how to exit full screen mode. It
>  appears as white text on a semi-transparent black background so it is
>  generally always visible (which is good). Still, I wondered if it
>  could be obscured.
>
>  The message is always on top, so it is impossible to draw over it. But
>  what if we tried distracting the user from the actual security
>  message?
>
>  Here's a silly test:
>
>  Of course, you can press Esc (or alt+tab to another window) to escape.
>
>  UPDATE: I have made the source code available, warts and all, under a
>  ZLib licence. Share and enjoy :)
>
>  http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/
>

Mr. Wallace,

Are you bunnyhero?

Why would you publish this exploit?

Did you contact the affected vendors prior to your publishing this?



