Adobe Flash ads launching clipboard hijack attack

Discussion in 'other security issues & news' started by tlu, Aug 19, 2008.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Tried with updated NoScript and it did stop/block this POC.
    Not that FF is my first choice of browsers but it does seem to defend against this.
    Nothing else stops/blocks this o_O
     
  2. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    Sorry, but how to test. I get what you show in the screenshot, but can freely copy/paste/cut before closing the browser. (JS not enabled)
    Using Opera 9.52 on Ubuntu Linux. Maybe my urlfilter.ini file which contains
    a lot of ad blocking filters takes care of it, I don't know.
    There is also a flashblock for Opera here:- http://my.opera.com/Lex1/blog/flashblock-for-opera-9

    Have tried the above flashblock, seems to work fine.
     

    Last edited: Aug 21, 2008
  3. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,671
    Location:
    Philippines
    I just checked it again with NoScript. It does block this: when clicking the proof-of-concept demo provided in "Adobe Flash ads launching clipboard hijack attack | Zero Day | ZDNet.com", nothing was transferred to my clipboard. That test flash object was blocked by NoScript.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I am not sure what happened in your case, it works on my system with Opera 9.51, exactly as I described.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I suspect it can't.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmmmm ... not the FF but NoScript or more precisely flash block defends against this.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Got it.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    SafeSpace failed too. I was thinking it might pass.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Sure it can, create a rule to BLOCK flash, game exploit over. Simple as that. I don't see much of a threat with all these new POC's being formed because it takes a forceful effort to bog down a PC altogether or get very far before today's security apps identify something and throw on the brakes.
     
  10. Dogbiscuit

    Dogbiscuit Guest

    Windows software restriction policy (LUA+SRP) does not stop the attack. Other software that blocks executables would also probably not block this as well, I gather.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Why bother to block flash with EQS? It can be blocked by the browser itself. It's not a success of EQS.
     
  12. oldBear

    oldBear Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    37
    ClipGuru, a free clipboard manager from HTConsulting - http://clipguru.com - attempts to notify users of Windows clipboard hijacking. It does not prevent it from happening, just alerts if it does.
     