Flash screensaver are popular – even in business. But there is a security flaw, that provides an easy method to bypass a flash screensaver’s Windows Lock screen. So it’s possible for an attacker to gain unauthorized access to a user’s Windows session, if he has physical access to a locked machine.
Adobe Flash is still popular – and some users are creating Flash screensaver, even on business computers. But there is a big security risk coming with this technology. Adrian Furtuna from Security Café has discovered this security flaw and blogged about it.
If an unauthorized person get physical access to a locked machine, he may right click on the lock screen. On a flash screensaver, the Global Settings … context menu entry may be accessible.
In Flash Player Settings Manager, the tab Advanced provides a Trusted Location Settings button. Clicking this button, opens the Trusted Location Settings window, where the Add button may be pushed. Then the Add Site dialog box enables a third party user to access the Add File … button. But this leads to the Open window shown above. Via this open windows, a third party user has access to the user files of the current user session. It’s also possible, to open a context menu and use the commands shown above. I’ve used the New command, to add a .bat file containing a command to invoke a console window. Afterward I was able to launch this .bat file and get access to command prompt window. Further details may be read in this blog post.
So, if you use a business system and the lock screen is also password enabled to prevent unauthorized access, it’s a good idea to ban all Flash based screen saver from this system.