vendor:
Flash Player
by:
SecurityFocus
7.5
CVSS
HIGH
Predictable Location Vulnerability
200
CWE
Product Name: Flash Player
Affected Version From: Prior to 7.0.19.0
Affected Version To: Prior to 7.0.19.0
Patch Exists: YES
Related CWE: N/A
CPE: a:macromedia:flash_player
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2002
Macromedia Flash Player Predictable Location Vulnerability
Macromedia Flash Player is reported to store Flash cookies (.sol files) in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable location, such as referencing the content via a file:// URI. This is compounded by the fact that an attacker could include HTML and script code in the cookie, which may be interpreted by Internet Explorer or possibly other browsers. In the example of Internet Explorer, such content would be interpreted in the context of the Local Zone. Successful exploitation would still require the attacker to guess the local username of the victim.
Mitigation:
Ensure that the Flash Player is updated to the latest version.
