Flash Tool 0.6.0 Remote Code Execution

2013-03-04T00:00:00
ID PACKETSTORM:120626
Type packetstorm
Reporter Larry W. Cashdollar
Modified 2013-03-04T00:00:00

Description

                                        
                                            `Flash Tool 0.6.0 Remote code execution vulnerability  
  
3/1/2013  
  
http://rubygems.org/gems/flash_tool  
  
https://github.com/milboj/flash_tool  
  
If the name of a downloaded file contains shell metacharacters, it is possible to execute  
code as the client user, because the file name is interpolated directly into a shell command.  
  
e.g. a file named: flash_file;id>/tmp/o;.swf  
  
./flash_tool-0.6.0/lib/flash_tool.rb  
  
Lines:  
  
26: command = "swfstrings #{file}"  
27: output = `#{command} 2>&1`  
88: command = "#{command} #{option} #{file}"  
89: output = `#{command} 2>&1`  
  
./flash_tool-0.6.0/lib/flash_tool/flash.rb  
75: command = "#{command} #{args.join(" ")}"  
76: output = `#{command} 2>&1`  
  
  
@_larry0  
Larry W. Cashdollar  
http://otiose.dhs.org/advisories/flash_tool-0.6.0-cmd_exec.html  
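Added example, not part of the advisory or of the flash_tool gem: it builds (but never runs) the string-interpolated command shape from the listing above, shows the two usual Ruby mitigations (quoting with Shellwords.escape when a shell is unavoidable, and the preferred argv-based call through Open3 that involves no shell at all), and a conservative check that flags file names a shell would interpret. It assumes swfstrings is not installed and stands in a Ruby one-liner that prints its first argument; the hostile file name is the one from the advisory.

```ruby
require 'open3'
require 'shellwords'
require 'rbconfig'

# Shape of the 0.6.0 calls: the file name is spliced into one string that
# Kernel#` hands to /bin/sh, so metacharacters in the name are parsed as
# shell syntax instead of as part of a path. Built here only for inspection;
# it is never executed.
def shell_command_string(tool, file)
  "#{tool} #{file}"
end

# Mitigation 1, when a shell cannot be avoided: quote the argument.
# Shellwords.escape backslash-escapes every character sh would interpret.
def escaped_command_string(tool, file)
  "#{tool} #{Shellwords.escape(file)}"
end

# Conservative detection: a name Shellwords needs to change is a name sh
# would interpret. (An empty name also trips this, which is acceptable for a
# path that should never be empty.)
def shell_metacharacters?(file)
  Shellwords.escape(file) != file
end

# Mitigation 2, preferred: pass program and arguments as separate argv
# entries. Open3.capture2e spawns the program directly with no shell in
# between, so nothing in `file` can become a command. Returns
# [combined stdout+stderr, exit status].
def run_tool(tool, *args)
  output, status = Open3.capture2e(tool, *args)
  [output, status.exitstatus]
end

# Stand-in for swfstrings so this runs offline (assumption: the real tool is
# not installed): a Ruby one-liner that prints its first argument verbatim.
FAKE_TOOL = [RbConfig.ruby, '-e', 'print ARGV[0]'].freeze

def run_fake_tool_on(file)
  run_tool(*FAKE_TOOL, file)
end

if __FILE__ == $PROGRAM_NAME
  hostile = 'flash_file;id>/tmp/o;.swf' # the file name from the advisory
  puts "unsafe string:  #{shell_command_string('swfstrings', hostile)}"
  puts "escaped string: #{escaped_command_string('swfstrings', hostile)}"
  puts "metacharacters present: #{shell_metacharacters?(hostile)}"
  out, code = run_fake_tool_on(hostile)
  puts "argv call received the literal name #{out.inspect} (exit #{code})"
end
```

The argv form is the one to prefer in a fix: the file name reaches the tool as a single argument regardless of its contents, and there is no quoting step to get wrong. The Shellwords form is the fallback for code that must keep using backticks or system with a string.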