Macromedia Flash Undocumented Command Arbitrary File Write Vulnerability

An issue has been reported in Flash that could allow a remote user to write to a file on a local user's system. The undocumented FSCommand 'save' action is used to save the main timeline variables of a movie to a file on the local drive.

A Shockwave Flash (SWF) file can use the FSCommand 'save' in such a way that, when the file is downloaded and run directly from a standalone Flash player, attacker-specified data is written to a file on the user's system.

If used in conjunction with BID 4321, exploitation of malicious code may be possible.
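
A defensive check for the behaviour described above, as an added example that is not part of the original advisory: it lists the FSCommand names referenced by an SWF file, including inside zlib-compressed (CWS) movies where a plain string search would miss them. It assumes fscommand calls are stored as "FSCommand:<name>" URL strings; the function names and the sample bytes are constructed for illustration.

```python
import re
import struct
import zlib

# Assumption: an fscommand() call is stored in the movie's bytecode as a
# NUL-terminated URL string "FSCommand:<name>"; matched case-insensitively.
FSCOMMAND_RE = re.compile(rb"fscommand:([\x21-\x7e]{1,32})", re.IGNORECASE)
MAX_BODY = 64 * 1024 * 1024  # refuse to inflate more than 64 MiB


def swf_body(data: bytes) -> bytes:
    """Return the bytes after the 8-byte SWF header, inflated if needed."""
    if len(data) < 8:
        raise ValueError("too short to be an SWF file")
    sig, declared = data[:3], struct.unpack("<I", data[4:8])[0]
    if sig == b"FWS":  # uncompressed movie
        return data[8:]
    if sig == b"CWS":  # zlib-compressed body, invisible to a plain grep
        if not 8 < declared <= MAX_BODY:
            raise ValueError("implausible declared length")
        # Cap output at the declared size to stop decompression bombs.
        return zlib.decompressobj().decompress(data[8:], declared - 8)
    raise ValueError(f"unsupported signature: {sig!r}")


def fscommands(data: bytes) -> list:
    """List every FSCommand name found in the movie, lower-cased."""
    hits = FSCOMMAND_RE.finditer(swf_body(data))
    return [m.group(1).decode("ascii").lower() for m in hits]


def uses_save(data: bytes) -> bool:
    """True if the movie references the 'save' FSCommand from the advisory."""
    return "save" in fscommands(data)


def make_sample(command: str, compressed: bool) -> bytes:
    """Constructed test input: header plus one ActionGetURL record (0x83).
    Not a playable movie; the second string is a placeholder argument."""
    url = b"FSCommand:" + command.encode("ascii") + b"\x00"
    args = b"ARGS_PLACEHOLDER\x00"
    record = b"\x83" + struct.pack("<H", len(url) + len(args)) + url + args
    sig = b"CWS" if compressed else b"FWS"
    header = sig + b"\x06" + struct.pack("<I", 8 + len(record))
    return header + (zlib.compress(record) if compressed else record)


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, fscommands(make_sample("save", flag)))
```

A hit means only that the movie references the command; it is a triage signal for files destined for a standalone player, not proof of a write.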


Copyright 2010, SecurityFocus