Macromedia Flash Undocumented Action File Access Vulnerability

An issue has been reported in Flash, which could allow for a remote user to access known local files. The undocumented FSCommand 'exec' action, is used to execute external applications. In order to utilize this command the absolute path to the requested application must be argumented.

This issue is being exploited by a virus called SWF/LFM, please see reference section for more details on this malicious code.


 

Privacy Statement
Copyright 2010, SecurityFocus