Macromedia Flash Player Predictable Data Location Weakness

2003-12-17T08:20:42
ID OSVDB:3057
Type osvdb
Reporter OSVDB
Modified 2003-12-17T08:20:42

Description

Vulnerability Description

Macromedia Flash Player contains a flaw that may allow a malicious user, in combination with some well-known Internet Explorer vulnerabilities, to replace data files with malicious content. The issue is triggered when Flash Player creates data (.sol) files with predictable names in known locations. It is possible that the flaw may allow files to be read or malicious code to be run in the context of the local system.

Solution Description

Upgrade to version 7.0.19.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html
Vendor Specific Solution URL: http://www.macromedia.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
Secunia Advisory ID: 10449
CVE-2003-1017
Bugtraq ID: 8900