More SWF vulnerabilities?

[Drew Daniels <umdanie8 () cc umanitoba ca>]

Vulnerable systems: unpatched "standalone Flash 
players" (Macromedia Shockwave Flash player 
versions before January 2002?)

Fix: "In response to the discovery of the virus, in 
January Macromedia released an update to its 
standalone Flash player that causes the player to 
ignore the "exec" action."

Exploit Description: "Vengy's demo showed how 
the "save" command could be used to create a batch 
program on the hard disk of Flash standalone player 
users who viewed a movie containing the Trojan 
horse code. In the demo, the Trojan program 
executed when the victim rebooted his or her 
computer."

Credit: Vengy ? (cyber_flash () hotmail com ?)


From:
http://cartome.org/flash-hole.htm

"Vengy's advisory on the Flash "save" vulnerability is 
at http://www.geocities.com/cyber_flash5/ ."

"Macromedia's technical note on the "exec" hole is at 
http://www.macromedia.com/support/flash/ts/docume
nts/standalone_update.htm ."

"A description of the SWF/LFM-926 virus is at 
http://www.sophos.com/virusinfo/analyses/swflfm926.
html "

I also tracked down this: 
http://www.macromedia.com/support/flash/ts/docume
nts/swf_clear.htm

The SWF/LFM-926 virus exploites a related 
ActionScript command known as fscommand:exec 
which is in another vulnerability.

These seem to be different than bid 2162.

This is my first post to bugtraq and I am mearly trying 
relaying information from another source in order that 
vulnerabilities get the attention they deserve.

     Drew Daniels