Another Security Hole Found In Macromedia Flash

 
Feb 19, 2002
A Macromedia customer discovered a vulnerability in the Flash 5 Authoring tool based on the undomented undocumented ActionScript command "fscommand:save". Using this command, Vengy was able to create a "Trojaned" Flash movie that, when viewed using the standalone Flash player, would place a malicious script on the viewer's computer.

The following articles give more information, on this and the related "exec" hole and the SWF/LFM-926 virus, which were both discovered in January.

Another Security Hole Found In Macromedia Flash (Newsbytes.com, February 26)

Vengy's Advisory on the Flash "save" Vulnerability

Macromedia's Technical Note on the "exec" Hole

A Description of the SWF/LFM-926 Virus

Privacy | FAQ | Site Map | About | Guidelines | Contact | Advertising | What is ColdFusion?
House of Fusion | ColdFusion Jobs | Blog of Fusion | AHP Hosting