
Spike is right on the money there - and I would agree that it is out of
Script Kiddie territory right now.  It won't be for long - as soon as the
1st exploit is done then it is right into script kiddie territory.


Mark Lynch
Development Manager
Direct:  +61 (2) 9248 4038
Mobile:  0421 050 695


"Spike" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]mon.com.au
To: "CFAussie Mailing List" <[EMAIL PROTECTED]>
cc:
Subject: [cfaussie] Re: Multiple vulnerablities in Flash player
05/03/2003 12:09 PM
Please respond to "CFAussie Mailing List"



The flash player in Internet Explorer (Not sure about other browsers) is
an ActiveX control. ActiveX controls have the ability to read and write
to the local hard-drive. The flash player has a sandbox that should stop
this from being possible. If there is a buffer overflow in the code
that implements the sandbox it may be possible to create a flash movie
using tools such as SoThink swf decompiler to create a swf that puts
some executable binary code into that overflow (I'm not sure if SoThink
would actually allow you to do this, but I did see a tool that would let
you do it for Flash 5 movies). If this binary code writes to or reads
from disk it is clearly a bad thing.

How difficult it would be to exploit this sort of vulnerability is
difficult to say, but I think it's well out of script kiddie territory.
That being said, any time there's a buffer overflow that could
potentially allow escalation of privileges on a networked machine you
would probably want to patch ASAP.

Spike

Stephen Milligan
Consultant for hire
http://spikefu.blogspot.com

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Scott Barnes
> Sent: 05 March 2003 04:22
> To: CFAussie Mailing List
> Subject: [cfaussie] Re: Multiple vulnerablities in Flash player
>
>
> hmmmm.. I thought it was his theory and I was like "no way
> sandbox is fux0red, they said so.."
>
> Still majorly sceptical as to how it can be done, the only
> thing I can think of (and I'm no hacker), is that they find
> some way to force FlashMX to write to a file / read a file...
> maybe hax0ring the clientside shared object, by getting it to
> write somewhere else on the hdd?
>
> It's a very slim chance imho..
>
> Scott.
>
>
> "Mark Stanton" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> >
> > Scott
> >
> > Viktor said:
> > >The update fixes several buffer overflows and methods of bypassing
> > >the sandbox.
> >
> > The email from MM said:
> > ....Recently, Macromedia became aware of potential security issues
> > with Macromedia Flash Player. A new version of Macromedia Flash Player
> > fixes these issues to protect our users from any content that attempts
> > to execute this type of malicious code.
> >
> > The cumulative security patch is available today and addresses the
> > potential for future exploits surrounding buffer overflows
> > (read/write) and sandbox integrity within the player which might allow
> > malicious users to gain access to a user's computer...
> >
> > ...SEVERITY RATING
> >
> > Macromedia categorizes this issue as a critical update and recommends
> > users immediately update to the newest player...
> >
> > I think the problem lies with the sandbox - ie. it does not work.
> >
> > hth
> >
> > Cheers
> >
> > Mark
> >
> >
> > ______________
> > Mark Stanton
> > Web Production
> > Gruden Pty Ltd
> > Tel: 9956 6388
> > Mob: 0410 458 201
> > Fax: 9956 8433
> > www.gruden.com
> >
> >
> >
> >
>
>
>
> ---
> You are currently subscribed to cfaussie as:
> [EMAIL PROTECTED] To unsubscribe send a blank email to
> [EMAIL PROTECTED]
>
> MX Downunder AsiaPac DevCon - http://mxdu.com/
>
>









