CVE-2007-4324

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make and then uses timing discrepancies in the SecurityErrorEvent error to determine whether a port is open. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
References
Link Resource
http://scan.flashsec.org/
http://www.securityfocus.com/bid/25260
http://securityreason.com/securityalert/2995
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2
http://www.adobe.com/support/security/bulletins/apsb07-20.html
http://www.redhat.com/support/errata/RHSA-2007-1126.html
http://www.us-cert.gov/cas/techalerts/TA07-355A.html US Government Resource
http://securitytracker.com/id?1019116
http://secunia.com/advisories/28157 Vendor Advisory
http://secunia.com/advisories/28161 Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
http://secunia.com/advisories/28570
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
http://secunia.com/advisories/28213
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
http://secunia.com/advisories/30507
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://secunia.com/advisories/32270
http://www.adobe.com/support/security/bulletins/apsb08-18.html
http://secunia.com/advisories/32448
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32759
http://secunia.com/advisories/32702
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://secunia.com/advisories/33390
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
http://www.vupen.com/english/advisories/2007/4258
http://www.vupen.com/english/advisories/2008/1724/references
http://www.vupen.com/english/advisories/2008/2838
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874
http://www.securityfocus.com/archive/1/475961/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

Information

Published : 2007-08-14 12:17

Updated : 2018-10-15 09:34


NVD link : CVE-2007-4324

Mitre link : CVE-2007-4324

Products Affected
No products.
CWE