Are there ways to maliciously pause a Flash movie from within the page?

Question

I am looking for ways that someone could maliciously pause a Flash movie - I'm not talking about how to do it from within the code, I'm really looking for ways it could be done within the browser by a visitor to a website. We have a hacking issue that we think could be caused by this, and are trying to recreate it (yes, I know we should be protecting against this on the server side, we are going to do that too, but want to try and cover all our bases).

I've seen that it is possible to call something similar to

window.document["flashobject"].StopPlay()

but I've not actually managed to recreate this. Perhaps there is a way to do it with a GreaseMonkey script or similar?

Answer 1

If you're getting hacked because a flash movie isn't playing there must be something weird with the movie.

Beyond that, as far as I know, you can stop a flash movie using 'right click', 'play' from within the browser. If the movie is playing, this will stop it. Alternatively one could do this programmatically by setting the param 'play' to false or something.

Flash components should be treated as any other form of user input - don't trust that is will do the right thing, and solve the problem server-side.