I saw the recent post about the XSS vulnerability if a SWF was published from an old application (old news..).. here.. and it reminded me that a while back I was looking for a way to read the SWF metadata from within the SWF. I can't go into why.. but at the time I couldn't find a way to do it. I'm sure it could be hacked pretty easily but didn't see a direct and easy way to do it.

Metadata can be read from the SWF header by a web server serving up the SWF by using PHP, ColdFusion, .NET, etc.. , and you could also have some JavaScript that pokes at the meatadata in any SWFs coming from 3rd parties.. it can be handy. The metadata can also be set via JSFL..

So I looked at the docs on metadata and it looked promising..

but the metaData returned from the document when I checked it from JSFL was: "XML Metadata is :<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:title>my dinky little title</dc:title><dc:description>some super important description</rdf:Description>"

The examples in the docs also show CreateDate and CreatorTool.. hmm.
<xmp:CreateDate>2004-10-12T10:29-07:00</xmp:CreateDate>
<xmp:CreatorTool>Flash Authoring WIN 8,0,0,215</xmp:CreatorTool>

which might be of interest.. hmm.. I might have to spend some time looking into reading the header of a SWF again and see what turns up. Maybe somebody has already figured this one out and I just haven't searched around enough.