Hello participants of Mailing List. Different attack can be made via Flash. In 2010 in article Content Spoofing attacks: Link Injection and Text Injection and in 2012 in article Content Spoofing attacks: Content Injection and Site Injection (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-November/008614.html) I told about different CS attacks, part of which concerned Flash. Also I wrote in 2008, 2009 and 2010's articles XSS vulnerabilities in 215000 flash files, XSS vulnerabilities in 8 millions flash files and XSS vulnerabilities in 34 millions flash files about XSS attacks via flash banners and tagcloud.swf (WP-Cumulus). Last week I wrote new article Attacks via Flash. These topic should be interesting for you (especially for those, who haven't read it before). Attacks via Flash. http://websecurity.com.ua/6794/ In the article I described different attacks via Flash. This is the list of possible attacks on users and visitors of sites via flash plugin, which I created already in December 2009. * Remote Flash Inclusion. * Remote Flash Injection. * Cross-Site Scripting. * Link Injection. * Text Injection. * Remote Audio Inclusion. * Remote Video Inclusion. * Remote Image Inclusion. * Remote XML Inclusion. * Denial of Service - via DoS vulnerabilities (http://www.youtube.com/watch?v=3W_5jb17Aus) in flash-plugin (http://www.youtube.com/watch?v=xi29KZ3LD80). * Remote Code Execution - via vulnerabilities in flash-plugin (http://www.youtube.com/watch?v=DnUhKF9RiuM). * User tracking. * Redirection. * Malware spreading and phishing. Attack on including audio, video and images I called in one term Content Injection. And Remote XML Inclusion can be used as for Content Injection, as for Site Injection. About which I wrote in above-mentioned article. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua