[NEWS] Macromedia Flash Plugin Can Read Local Files
From: firstname.lastname@example.org
From: firstname.lastname@example.org To: email@example.com Date: Sat, 10 Aug 2002 22:32:45 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Macromedia Flash Plugin Can Read Local Files
Macromedia Flash Player is the leading rich client for Internet content
and applications across the broadest range of platforms and devices.
According to Macromedia, more than 90% of web users are able to view
Macromedia Flash content. Macromedia Flash Player is available for all
major browsers on Windows, Mac OS, and Linux as well as on device
platforms such as Pocket PC and Nokia Communicator. There is a bug in
Macromedia Flash Player that allows reading and sending of local files.
This can be achieved in three ways:
1. Force an HTTP redirect to a local file
2. Place a <base href="file:///C:/"> in the document then use a relative
3. Embed the flash object in a web archive (mht file) and make it seem as
though it has been saved from a location on the user's hard drive, then
use a relative URL.
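As an added illustration that is not part of the advisory, the following Python checks a single HTTP response for indicators of the three vectors listed above and runs over constructed sample responses. The vector labels, the sample bodies and the assumption that MHT parts announce their supposed origin through Content-Location headers are this example's own.

```python
import re

# Indicators for the three vectors the advisory lists (detection only):
#  1. an HTTP redirect whose Location header is a file: URL
#  2. an HTML page whose <base href> points into the local file system
#  3. an MHTML archive whose parts claim a file:// Content-Location
FILE_URL = re.compile(r"^\s*file:", re.IGNORECASE)
BASE_HREF_FILE = re.compile(r"<base\b[^>]*\bhref\s*=\s*['\"]?\s*file:", re.IGNORECASE)
MHT_FILE_LOCATION = re.compile(r"^Content-Location:\s*file:", re.IGNORECASE | re.MULTILINE)

def flag_local_read_vectors(status, headers, body):
    """Return the set of vector labels one HTTP response matches.
    status: int code; headers: dict name -> value; body: response text."""
    hdr = {k.lower(): v for k, v in headers.items()}
    hits = set()
    # Vector 1: only redirects carry a meaningful Location header
    if 300 <= status < 400 and FILE_URL.match(hdr.get("location", "")):
        hits.add("redirect-to-file")
    ctype = hdr.get("content-type", "").lower()
    # Vector 2: a page served over the network has no reason to rebase to file:
    if "text/html" in ctype and BASE_HREF_FILE.search(body):
        hits.add("base-href-file")
    # Vector 3: MHTML parts that pretend to have been saved to the local disk
    if "multipart/related" in ctype and MHT_FILE_LOCATION.search(body):
        hits.add("mht-file-location")
    return hits

# Constructed sample responses: one per vector, plus a benign page.
SAMPLES = {
    "redirect": (302, {"Location": "file:///C:/jelmer.txt"}, ""),
    "base": (200, {"Content-Type": "text/html"},
             '<html><head><base href="file:///C:/"></head><body>'
             '<embed src="viewer.swf" type="application/x-shockwave-flash">'
             '</body></html>'),
    "mht": (200, {"Content-Type": "multipart/related; boundary=b1"},
            "--b1\r\nContent-Type: text/html\r\n"
            "Content-Location: file:///C:/Documents/saved.htm\r\n\r\n"
            "<html></html>\r\n--b1--\r\n"),
    "benign": (200, {"Content-Type": "text/html"},
               '<html><head><base href="http://www.example.org/"></head>'
               '<body><embed src="viewer.swf"></body></html>'),
}

def scan_samples():
    """Run the detector over every sample so all results can be checked at once."""
    return {name: flag_local_read_vectors(*resp) for name, resp in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:8s} -> {sorted(hits) or 'clean'}")
```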
Systems affected:
The vulnerability has been confirmed to work on Macromedia Flash Player 6
under Internet Explorer 6.
* Macromedia Flash version 220.127.116.11
Demonstrations of the issues described are available at:
All of the above examples will read and display the contents of
c:\jelmer.txt. The examples use the Macromedia Flash XML object, first
introduced in Macromedia Flash Player 5 to read the local files.
There may be other ways to achieve the same effect.
Macromedia was notified on July 12 2002. The latest build fixes the
The information has been provided by <mailto:firstname.lastname@example.org>
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: email@example.com
In order to subscribe to the mailing list, simply forward this email to: firstname.lastname@example.org
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.