Association for Computing Machinery
Today's internet is teeming with dynamic web applications visited by numerous internet users. During their visits, typical web users will unknowingly use tens of rich internet applications like flash banners or media players. For HTML-based web applications, it is well-known that Cross-Site Scripting (XSS) vulnerabilities can be exploited to steal credentials or otherwise wreak havoc, and there is a lot of research into solving this problem. An aspect of this problem that seems to have been mostly overlooked by the academic community is that XSS vulnerabilities also exist in adobe flash applications, and are actually easier to exploit because they do not require an enclosing HTML ecosystem.