CVE-2002-1467
CVSS 5.0
Published: 2003-04-22 00:00:00
Last revised: 2008-09-05 16:30:40

[Original] Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).


[CNNVD] Macromedia Flash Player Remote Local File Access Vulnerability (CNNVD-200304-133)

        
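Macromedia Flash is a component designed to enhance web browsing and enable users to view various multimedia web content. Macromedia Flash Player is the software used to play Flash content.

Macromedia Flash Player has a flaw in its handling of HTTP redirects; a remote attacker can exploit this vulnerability to read the contents of files on the target user's local system.

Flash animations are allowed to load additional files over HTTP. However, when restricting an animation's access to files outside its origin domain, Flash Player does not properly restrict HTTP redirect requests. A malicious web user can construct an HTTP redirect to a local system file, which the animation then loads automatically, disclosing the contents of the local file.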
        

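- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]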

- CPE (Affected Platforms and Products)

cpe:/a:macromedia:shockwave:8.0  Macromedia Shockwave 8.0
cpe:/a:macromedia:flash_player:6.0  Macromedia Flash 6.0
cpe:/a:macromedia:flash_player:6.0.40.0  Macromedia Flash 6.0.40.0
cpe:/a:macromedia:flash_player:6.0.29.0  Macromedia Flash 6.0.29.0

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1467
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1467
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200304-133
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/5429
(VENDOR_ADVISORY)  BID  5429
http://www.iss.net/security_center/static/9797.php
(VENDOR_ADVISORY)  XF  flash-same-domain-disclosure(9797)
http://online.securityfocus.com/archive/1/286625
(VENDOR_ADVISORY)  BUGTRAQ  20020808 Macromedia Flash plugin can read local files
http://www.macromedia.com/v1/handlers/index.cfm?ID=23294
(UNKNOWN)  CONFIRM  http://www.macromedia.com/v1/handlers/index.cfm?ID=23294

- Vulnerability Information

Macromedia Flash Player Remote Local File Access Vulnerability
Medium risk  Design error
2003-04-22 00:00:00 2005-10-20 00:00:00
Remote
        
        

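- Advisories and Patches

Workaround:
If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
* No suitable workaround is currently available.

Vendor patch:
Macromedia
----------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
Macromedia Upgrade Flash 6.0.47.0

http://www.macromedia.com/shockwave/download/frameset.fhtml?P1_Prod_Version=ShockwaveFlash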

- Vulnerability Information

6646
Macromedia Shockwave Flash Plugin Arbitrary File Retrieval

- Vulnerability Description

Unknown or Incomplete

- Timeline

2003-08-07 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Macromedia Flash Player Arbitrary Local File Access Vulnerability
Design Error 5429
Yes No
2002-08-08 12:00:00 2009-07-11 02:56:00
Discovered by Jelmer <jelmer@kuperus.xs4all.nl>.

- Affected Software Versions

Sun Linux 5.0.6
RedHat netscape-navigator-4.79-1.i386.rpm
+ RedHat Linux 7.3 i386
RedHat netscape-navigator-4.78-2.i386.rpm
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
RedHat netscape-navigator-4.76-11.i386.rpm
+ RedHat Linux 7.1 i386
RedHat netscape-communicator-4.79-1.i386.rpm
+ RedHat Linux 7.3 i386
RedHat netscape-communicator-4.78-2.i386.rpm
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
RedHat netscape-communicator-4.76-11.i386.rpm
+ RedHat Linux 7.1 i386
RedHat netscape-common-4.79-1.i386.rpm
+ RedHat Linux 7.3 i386
RedHat netscape-common-4.78-2.i386.rpm
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
RedHat netscape-common-4.76-11.i386.rpm
+ RedHat Linux 7.1 i386
Macromedia Shockwave 8.0
- Apple Mac OS 9 9.0
- Conectiva Linux 6.0
- Debian Linux 2.2
- Mandriva Linux Mandrake 7.2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- RedHat Linux 6.0
- S.u.S.E. Linux 7.0
- Slackware Linux 7.1
- Sun Solaris 7.0
- Sun Solaris 2.6
Macromedia Flash 6.0.40.0
Macromedia Flash 6.0.29.0
Macromedia Flash 6.0
+ Microsoft Internet Explorer 5.0.1 SP2
+ Microsoft Internet Explorer 5.0.1 SP2
+ Microsoft Internet Explorer 5.0.1 SP1
+ Microsoft Internet Explorer 5.0.1 SP1
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 6.0
+ Microsoft Internet Explorer 6.0
+ Microsoft Internet Explorer 5.5 SP2
+ Microsoft Internet Explorer 5.5 SP2
+ Microsoft Internet Explorer 5.5 SP1
+ Microsoft Internet Explorer 5.5 SP1
+ Microsoft Internet Explorer 5.5 preview
+ Microsoft Internet Explorer 5.5 preview
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.0
+ Microsoft Internet Explorer 5.0
+ Microsoft Windows XP Embedded SP3
+ Microsoft Windows XP Embedded SP2
+ Microsoft Windows XP Home SP3
+ Microsoft Windows XP Home SP2
+ Microsoft Windows XP Media Center Edition SP3
+ Microsoft Windows XP Media Center Edition SP2
+ Microsoft Windows XP Professional SP3
+ Microsoft Windows XP Professional SP2
+ Microsoft Windows XP Professional x64 Edition SP2
+ Microsoft Windows XP Tablet PC Edition SP3
+ Microsoft Windows XP Tablet PC Edition SP2
+ Netscape Communicator 6.1
+ Netscape Communicator 6.1
+ Netscape Communicator 4.78
+ Netscape Communicator 4.78
+ Netscape Communicator 4.77
+ Netscape Communicator 4.77
+ Netscape Communicator 4.76
+ Netscape Communicator 4.76
+ Netscape Communicator 4.75
+ Netscape Communicator 4.75
+ Netscape Communicator 4.74
+ Netscape Communicator 4.74
+ Netscape Communicator 4.73
+ Netscape Communicator 4.73
+ Netscape Communicator 4.72
+ Netscape Communicator 4.72
+ Netscape Communicator 4.61
+ Netscape Communicator 4.61
+ Netscape Communicator 4.51
+ Netscape Communicator 4.51
+ Netscape Communicator 4.7
+ Netscape Communicator 4.7
+ Netscape Communicator 4.6
+ Netscape Communicator 4.6
+ RedHat netscape-common-4.76-11.i386.rpm
+ RedHat netscape-common-4.78-2.i386.rpm
+ RedHat netscape-common-4.79-1.i386.rpm
+ RedHat netscape-communicator-4.76-11.i386.rpm
+ RedHat netscape-communicator-4.78-2.i386.rpm
+ RedHat netscape-communicator-4.79-1.i386.rpm
+ RedHat netscape-navigator-4.76-11.i386.rpm
+ RedHat netscape-navigator-4.78-2.i386.rpm
+ RedHat netscape-navigator-4.79-1.i386.rpm
Macromedia Shockwave 8.5.1 r106
Macromedia Shockwave 8.5.1 r105
Macromedia Flash 6.0.47.0

- Unaffected Software Versions

Macromedia Shockwave 8.5.1 r106
Macromedia Shockwave 8.5.1 r105
Macromedia Flash 6.0.47.0

- Vulnerability Discussion

Macromedia Flash is a modular package designed to enhance web browsing and enables users to view various multimedia web content. An error has been reported in some versions of the Flash player. Malicious Flash animations may be able to read arbitrary local files.

Flash animations are allowed to load additional files through HTTP. While the Flash Player restricts access to files loaded outside of the original domain of the animation, HTTP redirects are allowed. A malicious web server may issue a redirect to a known local file, which will then be loaded by the animation.

Exploitation of this issue may result in the disclosure of sensitive information, including authentication credentials.

- Exploit

No exploit is required. An attacker does require control of an HTTP server, and some degree of technical knowledge may be needed.

- Solution

Macromedia reports that this issue has been resolved in some plugin versions of the Flash player. The Netscape plugin was fixed in February 2002, and the Internet Explorer version in May 2002. Users of these products are advised to update to the current version.

Macromedia has released a new bulletin that addresses this issue. Macromedia reports that all versions of Shockwave Player prior to 8.5.1r105 are affected by this vulnerability. Users are advised to download and install the newest versions of Shockwave player.

FreeBSD has released upgrades. Users are advised to upgrade their Ports collection and reinstall the affected port.

Red Hat has released an advisory (RHSA-2003:026-01) and fixes to address this issue.

Sun Linux updates have been released to correct this issue.

An updated version of the player is available:


RedHat netscape-navigator-4.78-2.i386.rpm

RedHat netscape-common-4.76-11.i386.rpm

RedHat netscape-common-4.78-2.i386.rpm

RedHat netscape-communicator-4.76-11.i386.rpm

RedHat netscape-communicator-4.79-1.i386.rpm

RedHat netscape-navigator-4.79-1.i386.rpm

RedHat netscape-navigator-4.76-11.i386.rpm

RedHat netscape-communicator-4.78-2.i386.rpm

RedHat netscape-common-4.79-1.i386.rpm

Sun Linux 5.0.6

Macromedia Flash 6.0

Macromedia Flash 6.0.29.0

Macromedia Flash 6.0.40.0

Macromedia Shockwave 8.0

- Related References

 

 
