https://www.exploit-db.com/exploits/23298
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200401-006

MacromediaFlashPlayer支持对flash文件的播放。MacromediaFlashPlayer存储FlashCookie文件在可预测位置，结合其他漏洞可导致在系统上执行恶意代码。MacromediaFlashPlayer把FlashCookie文件(.sol)保存在可预测客户端位置中，结合其他漏洞，如通过file://URI进行引用的问题，可导致客户端浏览器执行包含在Cookie中的恶意HTML和脚本代码。造成敏感信息泄露。

source: http://www.securityfocus.com/bid/8900/info

Macromedia Flash Player is reported to store Flash cookies (.sol files) in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable location, such as referencing the content via a file:// URI. This is compounded by the fact that an attacker could include HTML and script code in the cookie, which may be interpreted by Internet Explorer or possibly other browsers. In the example of Internet Explorer, such content would be interpreted in the context of the Local Zone. Successful exploitation would still require the attacker to guess the local username of the victim.

This issue is reported to affect versions of the player for Microsoft Windows operating systems. Other versions may also be affected. Macromedia Director MX is similarly affected.

This issue affects versions of the player prior to 7.0.19.0. 

ftp://%@/../../../../Application Data/Macromedia/Flash
Player/YOURDOMAINNAME.TLDYOURDOMAINNAME.sol

来源:BID
名称:8900
链接:http://www.securityfocus.com/bid/8900
来源:www.macromedia.com
链接:http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html
来源:XF
名称:flash-file-predictable-location(14013)
链接:http://xforce.iss.net/xforce/xfdb/14013
来源:www.macromedia.com
链接:http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html