| VID |
28067 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Windows system has a version of flash player vulnerable to a file reading vulnerability.
Macromedia flash player versions prior to 7.0.19.0 could be abused in conjunction with several flaws in the web browser to read arbitrary files stored on the local machine. This vulnerability arises due to the predictability of the location of data stored by the Flash movies. While this is not in itself a directly exploitable vulnerability, an exploit can be created in combination with a security flaw in the browser. A remote attacker could create a specially-crafted Web site containing a malicious flash applet, which would cause the script to be executed in the victim's Web browser within the security context of the hosted site, once the site is visited.
* References:
http://www.securiteam.com/securitynews/6A00C2A95I.html
* Platforms Affected:
Flash Player version prior to 7.0.19.0
Windows Any version |
| Recommendation |
Upgrade to the latest version of Flash Player (7.0.19.0 or later), as listed in Macromedia Security Bulletin MPSB03-08 at http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
