[ Flash DNS Rebinding Flaw Fixed ]
Well, I guess I can talk about it now since they've fixed it. Nate and I found a DNS rebinding flaw in Adobe Flash that had to do with domain name canonicalization. I'm going to post a more in-depth explanation of how it worked in the coming days, but I'm too busy for that right now.
Anyway, just a quick hint, this issue is actually the one we used to pull off our Picasa exploit in a reliable fashion...
edit: I would also like to point out that this is not the issue pdp found that he used to exploit routers via CSRF. I think the CVE we are given credit for in the Adobe advisory may be incorrect because it does not describe the vulnerability we discovered.
edit 2: Apparently the CVE reference was a typo on Adobe's part. Should be fixed soon hopefully. Also, there were 7 separate vulnerabilities addressed in the patch that was released including the flaw used to bring the Vista system to its knees in Pwn2Own.
edit 3: The CVE for the DNS Rebinding vulnerability is CVE-2008-1655.