More SWF vulnerabilities?

From: Drew Daniels (umdanie8at_private)
Date: Tue Mar 19 2002 - 14:29:43 PST


    
    Vulnerable systems: unpatched "standalone Flash 
    players" (Macromedia Shockwave Flash player 
    versions before January 2002?)
    
    Fix: "In response to the discovery of the virus, in 
    January Macromedia released an update to its 
    standalone Flash player that causes the player to 
    ignore the "exec" action."
    
    Exploit Description: "Vengy's demo showed how 
    the "save" command could be used to create a batch 
    program on the hard disk of Flash standalone player 
    users who viewed a movie containing the Trojan 
    horse code. In the demo, the Trojan program 
    executed when the victim rebooted his or her 
    computer."
    
    Credit: Vengy ? (cyber_flashat_private ?)
    
    
    From:
    http://cartome.org/flash-hole.htm
    
    "Vengy's advisory on the Flash "save" vulnerability is 
    at http://www.geocities.com/cyber_flash5/ ."
    
    "Macromedia's technical note on the "exec" hole is at 
    http://www.macromedia.com/support/flash/ts/documents/standalone_update.htm ."
    
    "A description of the SWF/LFM-926 virus is at 
    http://www.sophos.com/virusinfo/analyses/swflfm926.html "
    
    I also tracked down this: 
    http://www.macromedia.com/support/flash/ts/documents/swf_clear.htm
    
    The SWF/LFM-926 virus exploits a related 
    ActionScript command known as fscommand:exec 
    which is in another vulnerability.
    
    These seem to be different than bid 2162.
    
    This is my first post to bugtraq and I am merely trying 
    to relay information from another source in order that 
    vulnerabilities get the attention they deserve.
    
         Drew Daniels
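
Added example, not part of the original post and not Macromedia's or Vengy's code: a heuristic triage scan that lists the FSCommand strings embedded in an SWF file and flags the two commands named above. It assumes the "save" command is stored as an FSCommand name in the same way as "exec"; the function names and the sample bytes are constructed for illustration.

```python
import re
import struct
import zlib

# Commands named in the post above. Treating "save" as an FSCommand
# name is an assumption; "exec" is the form the post spells out.
FLAGGED = {"exec", "save"}

# fscommand() with literal arguments is stored as a URL string
# "FSCommand:<name>" followed by a NUL-terminated argument string.
FSCOMMAND = re.compile(rb"fscommand:([A-Za-z_]+)\x00([^\x00]*)", re.IGNORECASE)


def swf_body(data):
    """Return the bytes after the 8-byte SWF header, inflating CWS files."""
    sig = data[:3]
    if sig == b"FWS":            # uncompressed movie
        return data[8:]
    if sig == b"CWS":            # zlib-compressed movie (SWF 6 and later)
        return zlib.decompress(data[8:])
    raise ValueError("not an SWF file (bad signature)")


def find_fscommands(data):
    """List (command, argument, flagged) for each FSCommand string found."""
    hits = []
    for m in FSCOMMAND.finditer(swf_body(data)):
        cmd = m.group(1).decode("ascii").lower()
        arg = m.group(2).decode("latin-1")
        hits.append((cmd, arg, cmd in FLAGGED))
    return hits


def build_sample(command, argument):
    """Constructed test input: an FWS header plus one ActionGetURL record.

    This is not a playable movie; the zero bytes stand in for the real
    frame header and tag framing, which the scan does not need.
    """
    payload = b"FSCommand:" + command + b"\x00" + argument + b"\x00"
    action = b"\x83" + struct.pack("<H", len(payload)) + payload + b"\x00"
    body = b"\x00" * 9 + action
    return b"FWS\x05" + struct.pack("<I", 8 + len(body)) + body


if __name__ == "__main__":
    for sample in (build_sample(b"exec", b"example.exe"),
                   build_sample(b"fullscreen", b"true")):
        print(find_fscommands(sample))
```

A flagged hit means the movie asks the standalone player to run or write something and deserves a closer look; the scan reads strings only and does not interpret the ActionScript around them.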
    



    This archive was generated by hypermail 2b30 : Tue Mar 19 2002 - 18:30:32 PST