Any risk for uploading swf file to document library? RRS feed

  • Question

  • Just wondering if there's any risk of letting users uploading .swf file to a document library?
    Friday, May 10, 2013 3:50 AM


  • In itself, it is not a risk (if you trust the code authors).  However Flash code (like VBScript, JavaScript, ActiveX and even HTML) is subject to cross site scripting vulnerabilities where an attacker could impersonate the user, execute code and/or steal the session cookie.    

    See : http://technet.microsoft.com/en-us/security/bulletin/ms12-050


    Friday, May 10, 2013 4:18 AM