From: Drew Daniels (umdanie8cc.umanitoba.ca)
Date: Tue Mar 19 2002 - 16:29:43 CST
Vulnerable systems: unpatched "standalone Flash
players" (Macromedia Shockwave Flash player
versions before January 2002?)
Fix: "In response to the discovery of the virus, in
January Macromedia released an update to its
standalone Flash player that causes the player to
ignore the "exec" action."
Exploit Description: "Vengy's demo showed how
the "save" command could be used to create a batch
program on the hard disk of Flash standalone player
users who viewed a movie containing the Trojan
horse code. In the demo, the Trojan program
executed when the victim rebooted his or her
Credit: Vengy ? (cyber_flashhotmail.com ?)
"Vengy's advisory on the Flash "save" vulnerability is
at http://www.geocities.com/cyber_flash5/ ."
"Macromedia's technical note on the "exec" hole is at
"A description of the SWF/LFM-926 virus is at
I also tracked down this:
The SWF/LFM-926 virus exploits a related
ActionScript command known as fscommand:exec
which is in another vulnerability.
These seem to be different than bid 2162.
This is my first post to bugtraq and I am merely trying
to relay information from another source in order that
vulnerabilities get the attention they deserve.