Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness
"Gray Hat Hacking, Second Edition"
Chapter 15: Client-Side Browser Exploits

You can interpret the preceding blob of HTML by breaking it down into the following components:

• I want to load an object having the identifier D27CDB6E-AE6D-11cf-96B8-444553540000. If it's already installed, information about where it is installed can be found in the registry under HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}.
• If the control is not yet installed, I want to download it from http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab.
• I need version 6.0.40.0 or higher. If my version is less than 6.0.40.0, I want to download http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab and use that object instead of the object I already have installed.
• This object takes a parameter named movie. The value to pass to this parameter is "http://www.apple.com/appletv/media/connect.swf".

There are some very interesting security implications here when you think about an attacker hosting an object tag and luring an unsophisticated user to the website.
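The four components above can be read back out of a page by an auditing script, which shows exactly what an object tag asks the browser to load. This is an added example, not code from the book: the sample tag is reconstructed from the values listed above, and the "#version=6,0,40,0" codebase suffix, the names ObjectTagAuditor, audit and needs_download, and the HTTPS finding are assumptions of this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urldefrag, urlparse
# Constructed sample: an <object> tag rebuilt from the four components listed above.
SAMPLE = """<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
 codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0">
 <param name="movie" value="http://www.apple.com/appletv/media/connect.swf">
</object>"""

class ObjectTagAuditor(HTMLParser):
    """Records what each <object> tag asks the browser to load."""
    def __init__(self):
        super().__init__()
        self.objects = []  # one dict per <object> tag, in document order
        self._open = []    # stack of open <object> tags (they can nest)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "object":
            obj = {"clsid": None, "registry_key": None, "codebase": None,
                   "min_version": None, "params": {}, "findings": []}
            if a.get("classid", "").lower().startswith("clsid:"):
                obj["clsid"] = a["classid"][6:].strip("{}")
                obj["registry_key"] = "HKCR\\CLSID\\{" + obj["clsid"] + "}"
            url, frag = urldefrag(a.get("codebase", ""))
            if url:
                obj["codebase"] = url
                if urlparse(url).scheme.lower() != "https":
                    obj["findings"].append("codebase download is not over HTTPS")
            m = re.fullmatch(r"version=(\d+(?:,\d+)*)", frag, re.IGNORECASE)
            if m:  # assumed convention: minimum version as a comma-separated fragment
                obj["min_version"] = tuple(int(p) for p in m.group(1).split(","))
            self.objects.append(obj)
            self._open.append(obj)
        elif tag == "param" and self._open:
            self._open[-1]["params"][a.get("name", "")] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object" and self._open:
            self._open.pop()

def audit(html):
    parser = ObjectTagAuditor()
    parser.feed(html)
    return parser.objects

def needs_download(installed, minimum):
    """True when the control is absent or older than the version the page demands."""
    return installed is None or (minimum is not None and tuple(installed) < tuple(minimum))
```

Calling audit(SAMPLE) returns one record holding the CLSID, its registry key, the download URL, the minimum version and the movie parameter, all of which are chosen by whoever hosts the page.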