Flash Player 6 draining user's bandwidth
From: Dan Browder (danb@METMAR.COM)Date: 04/02/02
- Previous message: GreyMagic Software: "Reading portions of local files in IE, depending on structure (GM#004-IE)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 2 Apr 2002 15:29:29 -0600 From: Dan Browder <danb@METMAR.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Many in the Flash community believe there to be a serious Issue with Flash Player 6 that can be a bandwidth drain on an end user's browsing experience.
I have only tested this using Flash Player 6 with Internet Explorer 6 in Windows XP.
The problem goes as follows:
Using the loadMovie (.SWF & .JPG files) or loadSound (.MP3 files) actionscript commands on large files will initiate the download. In previous versions of the Flash Player, loading another file, leaving the web site, or closing the browser window will stop this transfer.
In the current version of Flash Player 6, loading another file will only add to the bandwidth used by the current file. So both are downloading at once, even if you never intend to see or use the first file again.
- This will occur in any file created in Flash 4, Flash 5, or Flash MX when being played back with the Flash 6 Player
Doing this repeatedly (such as by creating a Video or Audio jukebox, using the new Video and MP3 capabilities of Flash MX) on large files will completely void the end user of bandwidth, making normal web browsing nearly impossible without closing all Internet Explorer windows.
- Even if the window using the Flash file is closed, and there is another window open, the downloads will continue.
- Even if you leave the web site and go to a neutral non-Flash web site, the downloads will continue.
- Any way you try to kill or stop the downloads from within the Flash player will fail, the downloads will continue.
I believe this to be a security concern. I see no reason why this could not be easily adapted to a Denial of Service attack in the form of a banner-advertisement, web site, or inline Flash animation -- or even accidentally. The effect would cause the user to exit all open web browser windows or reboot, to free up bandwidth.
More details can be found at:
http://board.flashkit.com/board/showthread.php?threadid=287626 (seems to be under heavy load)
My bandwidth profile can be found at:
http://www.actionscript.com/archives/bandwidth.jpg
A sample Flash jukebox illustrating this problem can be found at:
http://www.myrecords.com/mixtape/mixtape.html
The Flash community has tried to contact Macromedia and receive a response, so far none has been given. Each day the faulty Flash 6 player is downloaded by more internet users, this problem spreads. I take no credit for discovering bug, just reporting it.
Thank You,
Dan Browder
- Previous message: GreyMagic Software: "Reading portions of local files in IE, depending on structure (GM#004-IE)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
