Macromedia Flash Player .SWF File "save" FSCommand File Write

2002-03-19T00:00:00
ID OSVDB:6648
Type osvdb
Reporter vengy()
Modified 2002-03-19T00:00:00

Description

Vulnerability Description

Macromedia Flash Player contains a flaw that may allow a malicious user to save arbitrary files and programs on the system. The issue is due to the undocumented "save" FSCommand in .SWF files. By distributing a crafted .SWF file via email or website download, a remote attacker can write and execute arbitrary code on a Windows-based system that can execute external code, resulting in a loss of integrity.

Solution Description

Upgrade to the Flash Player updater of 2/25/02 or later, as it has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

References:

Vendor Specific Solution URL: http://www.macromedia.com/support/flash/ts/documents/fs_save.htm
Other Advisory URL: http://cartome.org/flash-hole.htm
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0233.html
ISS X-Force ID: 8584
Generic Exploit URL: http://www.geocities.com/cyber_flash5/
CVE-2002-0476
Bugtraq ID: 4320