‘Flash Player Local Shared Object Vulnerability (Patch)’
‘A recently discovered security flaw in the Internet Explorer and Opera browsers may allow improper access to certain local files. A potential exploit can then be created in association with the local Flash data file to allow a malicious user to gain access to information stored on the local machine.’
‘The information has been provided by Macromedia Security Center.’
Macromedia has released an updated version of Macromedia Flash Player (7,0,19,0) that can be downloaded from the Macromedia Player Download Center.
This new version stores local data in a way that a malicious user cannot access it from applications other than Flash Player. This ensures Flash movies are able to work properly with data saved to the local file system, but external applications, such as web browsers, are not.
Macromedia categorizes this issue as an important update and recommends users update to the newest player.
This release of Flash Player addresses the potential for exploits due to the predictability of the location of data stored by the Flash movies. While this is not in itself a directly exploitable vulnerability, an exploit can be created in combination with a security flaw in the browser. If the data stored by Flash Player on the local file system is a script, then it may be possible for that script to be executed on the local machine using a browser.
This update prevents data stored by Flash movies from being used maliciously. However, at this time no updates to Internet Explorer and Opera browsers addressing the vulnerabilities in those products
have been announced.’