 
From: Drew Daniels (umdanie8cc.umanitoba.ca)
Date: Tue Mar 19 2002 - 16:29:43 CST


    Vulnerable systems: unpatched "standalone Flash
    players" (Macromedia Shockwave Flash player
    versions before January 2002?)

    Fix: "In response to the discovery of the virus, in
    January Macromedia released an update to its
    standalone Flash player that causes the player to
    ignore the "exec" action."

    Exploit Description: "Vengy's demo showed how
    the "save" command could be used to create a batch
    program on the hard disk of Flash standalone player
    users who viewed a movie containing the Trojan
    horse code. In the demo, the Trojan program
    executed when the victim rebooted his or her
    computer."

    Credit: Vengy ? (cyber_flashhotmail.com ?)


    From:
    http://cartome.org/flash-hole.htm

    "Vengy's advisory on the Flash "save" vulnerability is
    at http://www.geocities.com/cyber_flash5/ ."

    "Macromedia's technical note on the "exec" hole is at
    http://www.macromedia.com/support/flash/ts/documents/standalone_update.htm ."

    "A description of the SWF/LFM-926 virus is at
    http://www.sophos.com/virusinfo/analyses/swflfm926.html "

    I also tracked down this:
    http://www.macromedia.com/support/flash/ts/documents/swf_clear.htm

    The SWF/LFM-926 virus exploits a related
    ActionScript command known as fscommand:exec
    which is in another vulnerability.

    These seem to be different than bid 2162.

    This is my first post to bugtraq and I am merely trying
    to relay information from another source in order that
    vulnerabilities get the attention they deserve.

         Drew Daniels
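
For triage of the issue relayed above, the following is an added example, not part of the original post or of any advisory it cites: a scanner that lists the fscommand actions embedded in an SWF file and flags the "exec" and "save" commands the post names. It assumes the SWF encoding in which fscommand is stored as a GetURL action whose URL begins with `FSCommand:`; the names `find_fscommands`, `swf_body`, `build_action` and the sample bytes are constructed for illustration.

```python
import re
import struct
import zlib

# Commands named in the post above.
RISKY = {"exec", "save"}

# Assumed encoding: ActionGetURL = 0x83, u16 little-endian length, URL\0, target\0,
# with fscommand(cmd, args) stored as URL "FSCommand:cmd" and target "args".
_GETURL = re.compile(rb"\x83(..)(?i:fscommand):([^\x00]*)\x00([^\x00]*)\x00", re.S)

def swf_body(data: bytes) -> bytes:
    """Return the bytes after the 8-byte SWF header, inflating CWS files."""
    if data[:3] == b"FWS":
        return data[8:]
    if data[:3] == b"CWS":
        return zlib.decompress(data[8:])
    raise ValueError("not an SWF file")

def find_fscommands(data: bytes):
    """List (command, argument, risky) for each FSCommand GetURL action."""
    hits = []
    for m in _GETURL.finditer(swf_body(data)):
        (length,) = struct.unpack("<H", m.group(1))
        if m.end() - m.start() - 3 != length:
            continue  # bytes matched by chance; length field does not agree
        cmd = m.group(2).decode("latin-1")
        hits.append((cmd, m.group(3).decode("latin-1"), cmd.lower() in RISKY))
    return hits

def build_action(cmd: bytes, arg: bytes) -> bytes:
    """Build one GetURL action record for the constructed sample."""
    payload = b"FSCommand:" + cmd + b"\x00" + arg + b"\x00"
    return b"\x83" + struct.pack("<H", len(payload)) + payload

# Constructed sample: SWF signature and header stub followed by two actions.
# It is a test fixture for the scanner, not a playable movie.
SAMPLE = (b"FWS\x05" + struct.pack("<I", 0) + b"\x00" * 4
          + build_action(b"save", b"constructed.txt")
          + build_action(b"quit", b"") + b"\x00")

if __name__ == "__main__":
    for cmd, arg, risky in find_fscommands(SAMPLE):
        print(("FLAG " if risky else "ok   ") + cmd, repr(arg))
```

A hit on "exec" or "save" means the file asks the player to perform the action; whether it takes effect depends on the player version, per the Macromedia update quoted above.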