Con FSCOMMAND, se hace asi (tomado de la ayuda de flash)
In the web page that contains the SWF file, set the allowScriptAccess attribute to allow or deny the SWF file's ability to access the web page. (You set this attribute in the HTML code that embeds the SWF file--for example, in the PARAM tag for Internet Explorer or the EMBED tag for Netscape.) When allowScriptAccess is set to "never", outbound scripting always fails. When allowScriptAccess is set to "always", outbound scripting always succeeds. When it is set to "sameDomain", scripting is allowed only from SWF files that are in the same domain as the web page. If allowScriptAccess is not specified in a web page, it defaults to "sameDomain" for Flash Player 8, and to "always" for previous versions of Flash Player.
When using this function, consider the Flash Player security model. For Flash Player 8, the fscommand() function is not allowed if the calling SWF file is in the local-with-file-system or local-with-network sandbox and the containing HTML page is in an untrusted sandbox. For more information, see the following:
Chapter 17, "Understanding Security," in Learning ActionScript 2.0 in Flash
The Flash Player 8 Security white paper at http://www.macromedia.com/go/fp8_security
The Flash Player 8 Security-Related API white paper at http://www.macromedia.com/go/fp8_security_apis
Usage 3: The fscommand() function can send messages to Macromedia Director. These messages are interpreted by Lingo (the Director scripting language) as strings, events, or executable Lingo code. If a message is a string or an event, you must write the Lingo code to receive the message from the fscommand() function and carry out an action in Director. For more information, see the Director Support Center at www.macromedia.com/support/director