FLASH: Flash Security Issues (exec command)

[Mountain, Mike J]

Folks

 

I downloaded a recent movie off Flashkit which uses the exec command to

create a text file (or any other kind of file) on your directory C:...I

wonder if anyone else has realised that this could create a bat file which

could then be run (again using the exec command) and cause potential

security issues.

 

Of course the swf or projector  has to reside on the clients PC, however

with browser caching and "joke" emails (the popular hampster in a

.....series for example) - and even possibly flash embedded in e-mails -

it's not to tricky to get someone to open an swf up that resides on a users

system - I've not tried this theory out beyond creating a file - so I'm not

sure how much of a security risk it is, but I thought it was an interesting

point for discussion.

 

Regards

 

Mike M


flasher is generously supported by...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Get the last 100 messages from the flasher list NOW

    http://www.chinwag.com/flasher/last100.shtml


 Flash books http://www.chinwag.com/flasher/books.shtml

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To unsubscribe or change your list settings go to

http://www.chinwag.com/flasher or email

helpchinwag [dot] com