• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Macromedia Flash Player File Access Vulnerability

An error has been reported in some versions of the Flash player. Malicious Flash animations may be able to read arbitrary local files.

The vulnerability is due to an error in Flash Player when loading animations from remote SMB shares. When Flash Player loads an animation from a SMB network share, it is treated as though it was loaded from a user's local hard drive.

This vulnerability may allow an attacker to cause Flash Player to read the contents of local files through Flash Player's XML control.