Bugtraq mailing list archives
[Fwd: Shockwave 7 Security Hole]
From: sean () SPATULA ML ORG (Sean Coates)
Date: Thu, 11 Mar 1999 13:53:41 -0400
I just got this off a Lingo programming list (Macromedia Director 7 scripting). Thought the Bugtraq community might appreciate it.

-Sean Coates
sean () spatula ml org

-------- Forwarded message --------
Date: Thu, 11 Mar 1999 15:11:53 +0000
Subject: <lingo-l> Shockwave 7 Security Hole
From: "Bernard Lang" <bernard () telegrafix demon co uk>
To: lingo-l () penworks com

Dear all,

Thought this little extract from MacUser might amuse you all (especially in the context of recent discussions about viewing users' hard disks/fileIo/Xtras etc.):

---------------------------------------------------
Macromedia Will Plug Shockwave 7 Security Hole This Week

10 March - MacUser -- Macromedia is set to close a security loophole in Shockwave 7 after MacUser discovered the Web plug-in was sending personal user information, including passwords, back to Macromedia. The updated plug-in is being tested and will be available this week.

The problem occurs in Shockwave 7's optional auto-update feature, which periodically checks the Macromedia download site for the latest revision of Shockwave. If it needs an update, the software reports back to Macromedia the Shockwave sites users have visited. But in cases where Web sites use password validation in their addresses, this information - which can include the passwords, as well as data about secure Web sites, even those behind a firewall, and hard disk information - is passed back to Macromedia. Although security risks are minor because Shockwave 7 encrypts data before sending it to Macromedia, other users could get information about how to attack a company's network.

Macromedia was not aware of the problem when contacted, but is creating an updated Shockwave 7 plug-in which will strip obvious password information and port numbers from URLs before sending them. The update will record any non-standard URLs as "Not an http:// server", preventing information about local hard disks and ftp sites from being transferred. Macromedia will also add a special parameter to the "embed" tag used to place Shockwave movies in a page that will stop the URL being recorded.
---------------------------------------------------

Tut tut.

Regards.

Bernard Lang
---------------------------
Telegrafix Media Design
Glebe Cottage, 15 High Street
Burton in Lonsdale, North Yorks LA6 3JU
United Kingdom
---------------------------
info () telegrafix demon co uk
015242-62026
---------------------------
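The fix the article describes, written out as an added example (this is not Macromedia's code): an http-only reporter that drops user:password@ and :port from a visited URL and replaces any other scheme with the article's "Not an http:// server" placeholder, next to a check that flags which URLs the unpatched plug-in would have reported verbatim. It goes one step beyond the article by also dropping query strings and fragments (assumption: they may carry session data); the sample URLs are constructed.

```python
from urllib.parse import urlsplit, urlunsplit

# Wording the article quotes for anything that is not an http URL.
NOT_HTTP = "Not an http:// server"


def exposes_secrets(url: str) -> bool:
    """True if reporting this URL verbatim, as the original auto-update did,
    would disclose more than host and path: embedded credentials, an explicit
    port, or a non-http scheme (file:, ftp:, ...) naming a local disk or ftp host."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return True
    try:
        has_port = parts.port is not None
    except ValueError:  # malformed port number: treat as sensitive anyway
        has_port = True
    return parts.username is not None or has_port


def sanitize_report_url(url: str) -> str:
    """Reduce a visited URL to what the update check may report.
    Strips userinfo and port from http(s) URLs and replaces every other
    scheme with the fixed placeholder; query and fragment are dropped too
    (an assumption beyond the article, since they can carry session tokens)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return NOT_HTTP
    host = parts.hostname or ""  # .hostname carries no user:pass@ and no :port
    if ":" in host:              # re-bracket an IPv6 literal
        host = f"[{host}]"
    return urlunsplit((parts.scheme.lower(), host, parts.path or "/", "", ""))


if __name__ == "__main__":
    # Constructed sample URLs of the kinds the article says were reported.
    samples = [
        "http://user:s3cret@intranet.example:8080/game/movie.dcr?session=abc",
        "ftp://ftp.example.org/pub/demo.dcr",
        "file:///Users/me/Movies/demo.dcr",
        "https://www.example.com/",
    ]
    for u in samples:
        flag = "LEAKS " if exposes_secrets(u) else "ok    "
        print(f"{flag}{u} -> {sanitize_report_url(u)}")
```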