Welcome to the Club, Macromedia

Welcome to the Club, Macromedia
Shane Coursen, 2002-01-14

With the discovery of the first Flash virus, the popular format joins the growing list of ways virus-writers can attack.

Expand all | Post comment

Welcome to the Club, Macromedia 2002-01-15
Anonymous (1 replies)

Welcome to the Club, Macromedia 2002-01-18
Anonymous

Welcome to the Club, Macromedia 2002-01-15
Geordy Korte

Welcome to the Club, Macromedia 2002-01-16
Anonymous

It will be interesting to see how Macromedia closes this
security hole while at the same time giving web authors the flexibilty to read/write data.

Flash is more than just an animation tool, so whenever it's used in an environment that accesses the PC to read/write data, there's always a potential risk for abuse as we've seen with SWF/LFM-926!

The actionscript FSCommand:exec allows arbitrary program execution such as "cmd.exe /c echo hello world>hello.txt".
What other types of file I/O are possible?

The browser security sandbox is supposed to disallow file I/O while viewing flash movies, although has anyone really investigated that claim in depth?

Thanks.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/53/9897#9897

Welcome to the Club, Macromedia 2002-01-16
Anonymous (1 replies)

Welcome to the Club, Macromedia 2002-01-18
Anonymous

Are we to blame Macormedia? 2002-01-20
NetWARioR

Welcome to the Club, Macromedia 2002-01-21
Anonymous

Welcome to the Club, Macromedia 2002-01-21
z3mo

Welcome to the Club, Macromedia 2002-01-22
Bbesselink@novus-tele.net

Welcome to the Club, Macromedia 2002-01-26
Sugien

Welcome to the Club, Macromedia 2002-01-27
Anonymous

Welcome to the Club, Macromedia 2002-01-29
Anonymous (1 replies)

Welcome to the Club, Macromedia 2002-02-04
Anonymous