Freely subscribe to our NEWSLETTER

SYNTHESIS OF THE VULNERABILITY

An attacker can create a malicious Flash application, which
indicates file fragments to a CIFS/SMB share.

Severity: 2/4

Consequences: data reading

Provenance: document

Means of attack: 1 proof of concept

Ability of attacker: specialist (3/4)

Confidence: unique source (2/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 04/03/2010

IMPACTED PRODUCTS

– Adobe Flash Player

DESCRIPTION OF THE VULNERABILITY

A Flash application can be conceived with two modes
– "Access local files only" : no network access, excepted a CIFS
server on the same local network

– "Access network only" : no local access
An application is thus not allowed to transfer data from user’s
computer to the internet.

In "local files only" mode, the application can use the URLLoader
class to read a local file, or a file located on a CIFS/SMB share.

An application can therefore use URLLoader to read a file located
on victim’s computer. This file for example contains "hello". The
application can then try to read "\1.2.3.4\public\hello", where
"1.2.3.4" is a CIFS server owned by the attacker. The "hello" file
does not exist on the CIFS share, so this generates an error which
is logged.

The attacker can then read logs of his CIFS server, in order to
obtain data fragments ("hello") coming from victim’s computer.

An attacker can therefore create a malicious Flash application,
which indicates file fragments to a CIFS/SMB share.

CHARACTERISTICS

Identifiers: BID-38517, VIGILANCE-VUL-9495

http://vigilance.fr/vulnerability/Adobe-Flash-file-reading-9495