CVE-2007-4324

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

CVSS v2.0 5

5^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References

Link	Resource
http://scan.flashsec.org/
http://www.securityfocus.com/bid/25260
http://securityreason.com/securityalert/2995
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2
http://www.adobe.com/support/security/bulletins/apsb07-20.html
http://www.redhat.com/support/errata/RHSA-2007-1126.html
http://www.us-cert.gov/cas/techalerts/TA07-355A.html	US Government Resource
http://securitytracker.com/id?1019116
http://secunia.com/advisories/28157	Vendor Advisory
http://secunia.com/advisories/28161	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
http://secunia.com/advisories/28570
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
http://secunia.com/advisories/28213
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
http://secunia.com/advisories/30507
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://secunia.com/advisories/32270
http://www.adobe.com/support/security/bulletins/apsb08-18.html
http://secunia.com/advisories/32448
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32759
http://secunia.com/advisories/32702
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://secunia.com/advisories/33390
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
http://www.vupen.com/english/advisories/2007/4258
http://www.vupen.com/english/advisories/2008/1724/references
http://www.vupen.com/english/advisories/2008/2838
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874
http://www.securityfocus.com/archive/1/475961/100/0/threaded

Configurations

Configuration 1

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2007-08-14 12:17

Updated : 2018-10-15 09:34

NVD link : CVE-2007-4324

Mitre link : CVE-2007-4324

Products Affected

No products.

CWE

CWE-264