Macromedia Flash Player Flash Cookie Predictable File Location Weakness

Mindwarper has released a proof-of-concept for this issue which can be found at the following web site:

This proof-of-concept also exploits the issue described in BID 8886.

Andreas Sandblad also provided the following example, which exploits BID 7826 so that it is no longer necessary to guess the local username of the victim:

ftp://%@/../../../../Application Data/Macromedia/Flash


Privacy Statement
Copyright 2010, SecurityFocus