Title: Macromedia Flash Player Arbitrary Local File Access Vulnerability
Severity: MODERATE
Description:
Macromedia Flash is a modular package designed to enhance web browsing and enables users to view various multimedia web content. An error has been reported in some versions of the Flash player. Malicious Flash animations may be able to read arbitrary local files.
Flash animations are allowed to load additional files through HTTP. Normally, this functionality is used to load data needed for the animation. The Flash Player prevents the loading of any files outside of the domain of origin of the animation.
However, if a HTTP redirect is given as the response to a legal request, additional security checks are not made. A malicious server may issue a HTTP redirect for a known local file, which will then be loaded by the animation. The animation may then take actions based on sensitive data, or transmit the data back to the malicious server.
It has been reported that it is also possible to exploit this issue by setting a base href URL pointing towards the local system, such as "file:///c:/", and then using a relative URL within the flash animation. Relative URLs may also be used in conjunction with content embedded in MHT files to exploit this issue.
Exploitation of this issue may result in the disclosure of sensitive information, including authentication credentials. The consequences of exploitation may be dependant on the details of the vulnerable client system.
Affected Products:
- Macromedia Flash 6.0.0
- Macromedia Flash 6.0.29 .0
- Macromedia Flash 6.0.40 .0
- Macromedia Shockwave 8.0.0
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 5.5 preview
- Microsoft Internet Explorer 6.0
- Netscape Communicator 4.51.0
- Netscape Communicator 4.6.0
- Netscape Communicator 4.61.0
- Netscape Communicator 4.7.0
- Netscape Communicator 4.72.0
- Netscape Communicator 4.73.0
- Netscape Communicator 4.74.0
- Netscape Communicator 4.75.0
- Netscape Communicator 4.76.0
- Netscape Communicator 4.77.0
- Netscape Communicator 4.78.0
- Netscape Communicator 6.1.0
- RedHat Linux 7.1.0 i386
- RedHat Linux 7.2.0 i386
- RedHat Linux 7.2.0 ia64
- RedHat Linux 7.3.0 i386
- RedHat netscape-common-4.76-11.i386.rpm
- RedHat netscape-common-4.78-2.i386.rpm
- RedHat netscape-common-4.79-1.i386.rpm
- RedHat netscape-communicator-4.76-11.i386.rpm
- RedHat netscape-communicator-4.78-2.i386.rpm
- RedHat netscape-communicator-4.79-1.i386.rpm
- RedHat netscape-navigator-4.76-11.i386.rpm
- RedHat netscape-navigator-4.78-2.i386.rpm
- RedHat netscape-navigator-4.79-1.i386.rpm
- Sun Linux 5.0.6
References:
- Macromedia: MPSB02-11 - Macromedia Shockwave URL Modification Issue
- Sun: Sun Linux Support - Sun Linux Patches
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
