Macromedia Flash Player Flash Cookie Predictable File Location Weakness
Macromedia Flash Player is reported to store Flash cookies (.sol files) in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable location, such as referencing the content via a file:// URI. This is compounded by the fact that an attacker could include HTML and script code in the cookie, which may be interpreted by Internet Explorer or possibly other browsers. In the example of Internet Explorer, such content would be interpreted in the context of the Local Zone. Successful exploitation would still require the attacker to guess the local username of the victim.
This issue is reported to affect versions of the player for Microsoft Windows operating systems. Other versions may also be affected. Macromedia Director MX is similarly affected.
This issue was originally covered by BID 8886 but has been determined to be a distinct issue in Macromedia Flash. BID 8886 was also updated with additional technical details describing a new issue in Internet Explorer. The original report for these issues was a proof-of-concept provided by Mindwarper which exploited both of the issues simultaneously.
Andreas Sandblad has also demonstrated that it is possible to circumvent the requirement of guessing the local username of the victim by exploiting BID 7826.
This issue affects versions of the player prior to 188.8.131.52.