The Flash player in Internet Explorer (not sure about other browsers) is
an ActiveX control. ActiveX controls have the ability to read and write
to the local hard drive. The Flash player has a sandbox that should stop
this from being possible. If there is a buffer overflow in the code
that implements the sandbox it may be possible to create a Flash movie
using tools such as SoThink swf decompiler to create a swf that puts
some executable binary code into that overflow (I'm not sure if SoThink
would actually allow you to do this, but I did see a tool that would let
you do it for Flash 5 movies). If this binary code writes to or reads
from disk it is clearly a bad thing.

How difficult it would be to exploit this sort of vulnerability is
difficult to say, but I think it's well out of script kiddie territory.
That being said, any time there's a buffer overflow that could
potentially allow escalation of privileges on a networked machine you
would probably want to patch ASAP.

Spike

Stephen Milligan
Consultant for hire
http://spikefu.blogspot.com

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Scott Barnes
> Sent: 05 March 2003 04:22
> To: CFAussie Mailing List
> Subject: [cfaussie] Re: Multiple vulnerablities in Flash player
> 
> 
> hmmmm.. I thought it was his theory and I was like "no way 
> sandbox is fux0red, they said so.."
> 
> Still majorly sceptical as to how it can be done, the only 
> thing I can think of (and I'm no hacker), is that they find 
> some way to force FlashMX to write to a file / read a file... 
> maybe hax0ring the clientside shared object, by getting it to 
> write somewhere else on the hdd?
> 
> It's a very slim chance imho..
> 
> Scott.
> 
> 
> "Mark Stanton" <[EMAIL PROTECTED]> wrote in message 
> news:[EMAIL PROTECTED]
> >
> > Scott
> >
> > Viktor said:
> > >The update fixes several buffer overflows and methods of bypassing
> > >the sandbox.
> >
> > The email from MM said:
> > ....Recently, Macromedia became aware of potential security issues
> > with Macromedia Flash Player. A new version of Macromedia Flash Player
> > fixes these issues to protect our users from any content that attempts
> > to execute this type of malicious code.
> >
> > The cumulative security patch is available today and addresses the
> > potential for future exploits surrounding buffer overflows
> > (read/write) and sandbox integrity within the player which might allow
> > malicious users to gain access to a user's computer...
> >
> > ...SEVERITY RATING
> >
> > Macromedia categorizes this issue as a critical update and recommends
> > users immediately update to the newest player...
> >
> > I think the problem lies with the sandbox - ie. it does not work.
> >
> > hth
> >
> > Cheers
> >
> > Mark
> >
> >
> > ______________
> > Mark Stanton
> > Web Production
> > Gruden Pty Ltd
> > Tel: 9956 6388
> > Mob: 0410 458 201
> > Fax: 9956 8433
> > www.gruden.com
> >
> >
> >
> >
> 
> 
> 
> ---
> You are currently subscribed to cfaussie as: 
> [EMAIL PROTECTED] To unsubscribe send a blank email to 
> [EMAIL PROTECTED]
> 
> MX Downunder AsiaPac DevCon - http://mxdu.com/
> 
> 

