• info
• discussion
• exploit
• solution
• references

Macromedia Flash Player Arbitrary Local File Access Vulnerability

Solution:
Macromedia reports that this issue has been resolved in some plugin versions of the Flash player. The Netscape plugin was fixed in February 2002, and the Internet Explorer version in May 2002. Users of these products are advised to update to the current version.

Macromedia has released a new bulletin that addresses this issue. Macromedia reports that all versions of Shockwave Player prior to 8.5.1r105 are affected by this vulnerability. Users are advised to download and install the newest versions of Shockwave player.

FreeBSD has released upgrades. Users are advised to upgrade their Ports collection and reinstall the affected port.

Red Hat has released an advisory (RHSA-2003:026-01) and fixes to address this issue.

Sun Linux updates have been released to correct this issue.

An updated version of the player is available:


RedHat netscape-navigator-4.78-2.i386.rpm

• Red Hat netscape-navigator-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/netscape-navigator-4.8-1.i386. rpm


• Red Hat netscape-navigator-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/netscape-navigator-4.8-1.i386. rpm

RedHat netscape-common-4.76-11.i386.rpm

• Red Hat netscape-common-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/netscape-common-4.8-1.i386.rpm

RedHat netscape-common-4.78-2.i386.rpm

• Red Hat netscape-common-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/netscape-common-4.8-1.i386.rpm


• Red Hat netscape-common-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/netscape-common-4.8-1.i386.rpm

RedHat netscape-communicator-4.76-11.i386.rpm

• Red Hat netscape-communicator-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/netscape-communicator-4.8-1.i3 86.rpm

RedHat netscape-communicator-4.79-1.i386.rpm

• Red Hat netscape-communicator-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/netscape-communicator-4.8-1.i3 86.rpm

RedHat netscape-navigator-4.79-1.i386.rpm

• Red Hat netscape-navigator-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/netscape-navigator-4.8-1.i386. rpm

RedHat netscape-navigator-4.76-11.i386.rpm

• Red Hat netscape-navigator-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/netscape-navigator-4.8-1.i386. rpm

RedHat netscape-communicator-4.78-2.i386.rpm

• Red Hat netscape-communicator-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/netscape-communicator-4.8-1.i3 86.rpm


• Red Hat netscape-communicator-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/netscape-communicator-4.8-1.i3 86.rpm

RedHat netscape-common-4.79-1.i386.rpm

• Red Hat netscape-common-4.8-1.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/netscape-common-4.8-1.i386.rpm

Sun Linux 5.0.6

• Sun netscape-common-4.8-1.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/netscape-common-4.8-1.i386.rpm


• Sun netscape-communicator-4.8-1.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/netscape-communicator-4.8-1.i386.rpm


• Sun netscape-navigator-4.8-1.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/netscape-navigator-4.8-1.i386.rpm

Macromedia Flash 6.0

• Macromedia Flash 6.0.47.0
  http://www.macromedia.com/shockwave/download/frameset.fhtml?P1_Prod_Ve rsion=ShockwaveFlash

Macromedia Flash 6.0.29 .0

• Macromedia Flash 6.0.47.0
  http://www.macromedia.com/shockwave/download/frameset.fhtml?P1_Prod_Ve rsion=ShockwaveFlash

Macromedia Flash 6.0.40 .0

• Macromedia Flash 6.0.47.0
  http://www.macromedia.com/shockwave/download/frameset.fhtml?P1_Prod_Ve rsion=ShockwaveFlash

Macromedia Shockwave 8.0

• Macromedia Shockwave Player 8.5.1
  http://www.macromedia.com/go/getshockwaveplayer