[24749] in bugtraq
More SWF vulnerabilities?
daemon@ATHENA.MIT.EDU (Drew Daniels)
Tue Mar 19 21:30:29 2002
Date: 19 Mar 2002 22:29:43 -0000
Message-ID: <20020319222943.18670.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Drew Daniels <umdanie8@cc.umanitoba.ca>
To: bugtraq@securityfocus.com
Vulnerable systems: unpatched "standalone Flash
players" (Macromedia Shockwave Flash player
versions before January 2002?)
Fix: "In response to the discovery of the virus, in
January Macromedia released an update to its
standalone Flash player that causes the player to
ignore the "exec" action."
Exploit Description: "Vengy's demo showed how
the "save" command could be used to create a batch
program on the hard disk of Flash standalone player
users who viewed a movie containing the Trojan
horse code. In the demo, the Trojan program
executed when the victim rebooted his or her
computer."
Credit: Vengy ? (cyber_flash@hotmail.com ?)
From:
http://cartome.org/flash-hole.htm
"Vengy's advisory on the Flash "save" vulnerability is
at http://www.geocities.com/cyber_flash5/ ."
"Macromedia's technical note on the "exec" hole is at
http://www.macromedia.com/support/flash/ts/docume
nts/standalone_update.htm ."
"A description of the SWF/LFM-926 virus is at
http://www.sophos.com/virusinfo/analyses/swflfm926.
html "
I also tracked down this:
http://www.macromedia.com/support/flash/ts/docume
nts/swf_clear.htm
The SWF/LFM-926 virus exploites a related
ActionScript command known as fscommand:exec
which is in another vulnerability.
These seem to be different than bid 2162.
This is my first post to bugtraq and I am mearly trying
relaying information from another source in order that
vulnerabilities get the attention they deserve.
Drew Daniels
