Macromedia Flash Player Predictable Data Location Weakness
Published: 2003-12-17T08:20:42
ID: OSVDB:3057
Type: osvdb
Reporter: OSVDB
Modified: 2003-12-17T08:20:42
Description
Vulnerability Description
Macromedia Flash Player contains a flaw that may allow a malicious user, in combination with some well-known Internet Explorer vulnerabilities, to replace data files with malicious content. The issue is triggered when Flash Player creates data files (.sol) with predictable names in known locations. The flaw may allow files to be read or malicious code to be run in the context of the local system.
Solution Description
Upgrade to version 7.0.19.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
{"title": "Macromedia Flash Player Predictable Data Location Weakness", "published": "2003-12-17T08:20:42", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2017-04-28T13:19:57", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-1017"]}, {"type": "exploitdb", "idList": ["EDB-ID:23298"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_LOCAL_FILES.NASL"]}], "modified": "2017-04-28T13:19:57", "rev": 2}, "vulnersScore": 5.6}, "cvelist": ["CVE-2003-1017"], "viewCount": 9, "affectedSoftware": [], "id": "OSVDB:3057", "modified": "2003-12-17T08:20:42", "href": "https://vulners.com/osvdb/OSVDB:3057", "edition": 1, "description": "## Vulnerability Description\nMacromedia Flash Player contains a flaw that may allow a malicious user to, in combination with some well known Internet Explorer vulnerabilities, replace data files with malicious content. The issue is triggered when Flash Player creates data (.sol) with predictable names in known locations. It is possible that the flaw may allow files to be read or malicious code to be ran in the context of the local system.\n## Solution Description\nUpgrade to version 7.0.19.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMacromedia Flash Player contains a flaw that may allow a malicious user to, in combination with some well known Internet Explorer vulnerabilities, replace data files with malicious content. The issue is triggered when Flash Player creates data (.sol) with predictable names in known locations. 
It is possible that the flaw may allow files to be read or malicious code to be ran in the context of the local system.\n## References:\nVendor URL: http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html\nVendor Specific Solution URL: http://www.macromedia.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash\n[Secunia Advisory ID:10449](https://secuniaresearch.flexerasoftware.com/advisories/10449/)\n[CVE-2003-1017](https://vulners.com/cve/CVE-2003-1017)\nBugtraq ID: 8900\n", "bulletinFamily": "software", "reporter": "OSVDB", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 5.0}, "lastseen": "2017-04-28T13:19:57"}
{"cve": [{"lastseen": "2020-10-03T11:33:03", "description": "Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.", "edition": 3, "cvss3": {}, "published": "2004-01-05T05:00:00", "title": "CVE-2003-1017", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-1017"], "modified": "2017-07-11T01:29:00", "cpe": ["cpe:/a:macromedia:flash_player:6.0.29.0", "cpe:/a:macromedia:flash_player:6.0.79.0", "cpe:/a:macromedia:flash_player:4.0_r12", "cpe:/a:macromedia:flash_player:5.0", "cpe:/a:macromedia:flash_player:6.0.47.0", "cpe:/a:macromedia:flash_player:6.0.65.0", "cpe:/a:macromedia:director:5.0", "cpe:/a:macromedia:flash_player:5.0_r50", "cpe:/a:macromedia:flash_player:6.0", "cpe:/a:macromedia:flash_player:6.0.40.0"], "id": "CVE-2003-1017", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1017", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:director:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-02T20:41:58", "description": "Macromedia Flash Player 6.0.x Flash Cookie Predictable File Location Weakness. CVE-2003-1017. Remote exploit for windows platform", "published": "2003-10-24T00:00:00", "type": "exploitdb", "title": "Macromedia Flash Player 6.0.x Flash Cookie Predictable File Location Weakness", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-1017"], "modified": "2003-10-24T00:00:00", "id": "EDB-ID:23298", "href": "https://www.exploit-db.com/exploits/23298/", "sourceData": "source: http://www.securityfocus.com/bid/8900/info\r\n\r\nMacromedia Flash Player is reported to store Flash cookies (.sol files) in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable location, such as referencing the content via a file:// URI. This is compounded by the fact that an attacker could include HTML and script code in the cookie, which may be interpreted by Internet Explorer or possibly other browsers. In the example of Internet Explorer, such content would be interpreted in the context of the Local Zone. Successful exploitation would still require the attacker to guess the local username of the victim.\r\n\r\nThis issue is reported to affect versions of the player for Microsoft Windows operating systems. Other versions may also be affected. Macromedia Director MX is similarly affected.\r\n\r\nThis issue affects versions of the player prior to 7.0.19.0. 
\r\n\r\nftp://%@/../../../../Application Data/Macromedia/Flash\r\nPlayer/YOURDOMAINNAME.TLD\\YOURDOMAINNAME.sol ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23298/"}], "nessus": [{"lastseen": "2021-01-01T02:34:47", "description": "The remote host is running a version of Flash Player older than\n7.0.19.0. \n\nSuch versions can be abused in conjunction with several flaws in the\nweb browser to read local files on an affected system. \n\nTo exploit this issue, an attacker would need to lure a user of the\nsoftware into visiting a rogue website containing a malicious Flash\napplet.", "edition": 23, "published": "2003-12-17T00:00:00", "title": "Flash Player < 7.0.19.0 Predictable Data Location Weakness", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-1017"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_LOCAL_FILES.NASL", "href": "https://www.tenable.com/plugins/nessus/11952", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11952);\n script_version(\"1.18\");\n\n script_cve_id(\"CVE-2003-1017\");\n script_bugtraq_id(8900);\n\n script_name(english:\"Flash Player < 7.0.19.0 Predictable Data Location Weakness\");\n script_summary(english:\"Determines the version of the remote flash plugin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by a remote\nfile disclosure vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Flash Player older than\n7.0.19.0. \n\nSuch versions can be abused in conjunction with several flaws in the\nweb browser to read local files on an affected system. 
\n\nTo exploit this issue, an attacker would need to lure a user of the\nsoftware into visiting a rogue website containing a malicious Flash\napplet.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 7.0.19.0 or newer.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2003/12/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/12/17\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n exit(0);\n}\n\n#\n\nif (!get_kb_item(\"SMB/Flash_Player/installed\")) exit(0);\n\n\n# Identify vulnerable versions.\ninfo = \"\";\n\nforeach variant (make_list(\"Plugin\", \"ActiveX\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n\n ver = vers[key];\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n iver[0] < 6 ||\n 
(iver[0] == 6 && iver[1] == 0 && iver[2] < 88) ||\n (iver[0] == 7 && iver[1] == 0 && iver[2] < 19)\n )\n {\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += ' - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n }\n else if (variant == \"ActiveX\")\n {\n info += ' - ActiveX control (for Internet Explorer) :\\n';\n }\n info += ' ' + file + ', ' + ver + '\\n';\n }\n }\n }\n }\n}\n\n\nif (info)\n{\n report = string(\n \"Nessus has identified the following vulnerable instance(s) of Flash\\n\",\n \"Player installed on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_warning(port:get_kb_item(\"SMB/transport\"), extra:report);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}