July 05th 2002 | Jens C Brynildsen
Macromedia has released a Security bulletin about a Cross Server Scripting Security Issue with their Flash player
A typical abuse of this security fault would be for a malicious user to include a seemingly innocent SWF signature that at the same time would be able to transfer data such as cookies from every single user viewing the page with the included SWF.
Macromedia has announced that there will be a new Flash 6 player made available in July that will address the security issue with a new EMBED/PARAM parameter, the parameter will allow web sites to turn off any outbound scripting (ActionScript getURL() actions that specify a scripting statement) when displaying SWF content
Flash Cross Server Scripting Security Bulletin