Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2007-4324
Last Modified 07 Mar 2011 09:58:22
Published 13 Aug 2007 08:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4324

Summary

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 and other versions, 9.0.124.0 and earlier, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

Vulnerable Systems

Application

  • Adobe Flash Player 9.0.114.0


References

CERT - TA07-355A

VUPEN - ADV-2008-2838

VUPEN - ADV-2008-1724

VUPEN - ADV-2007-4258

BID - 25260

BUGTRAQ - 20070809 Design flaw in AS3 socket handling allows port probing

REDHAT - RHSA-2008:0980

REDHAT - RHSA-2008:0945

REDHAT - RHSA-2007:1126

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-18.html

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb07-20.html

CONFIRM - http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm

SUNALERT - 248586

SECTRACK - 1019116

SREASON - 2995

SECUNIA - 33390

SECUNIA - 32759

SECUNIA - 32702

SECUNIA - 32448

SECUNIA - 32270

SECUNIA - 28161

SECUNIA - 28157

MISC - http://scan.flashsec.org/

SUSE - SUSE-SR:2008:025

CONFIRM - http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2

GENTOO - GLSA-200801-07

SUNALERT - 238305

SECUNIA - 30507

SECUNIA - 28570

SECUNIA - 28213

SUSE - SUSE-SA:2007:069

Related Patches

Adobe APSB07-20 Flash Player 9.0.r115 for IE (Upgrade) (All Languages)

Adobe Flash Player 10.0.12.36 for Mac OS X (PPC) (Rev 2)

Adobe Flash Player 9.0.115 for Mac OS X (PPC)

Adobe Flash Player 9.0.115 for Mac OS X (Universal)


Last Updated: 27 May 2016 10:45:50