Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5275

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-5275
Last Modified 07 Mar 2011 10:00:25
Published 08 Oct 2007 07:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5275

Summary

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.

Vulnerable Systems

Application

  • Adobe Shockwave Player 9


References

CERT - TA08-150A

CERT - TA08-100A

CERT - TA07-355A

VUPEN - ADV-2008-1724

VUPEN - ADV-2008-1697

VUPEN - ADV-2007-4258

MISC - http://crypto.stanford.edu/dns/dns-rebinding.pdf

BID - 26930

REDHAT - RHSA-2008:0221

REDHAT - RHSA-2007:1126

GENTOO - GLSA-200804-21

GENTOO - GLSA-200801-07

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-11.html

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb07-20.html

SUNALERT - 238305

SECTRACK - 1019116

SECUNIA - 30507

SECUNIA - 30430

SECUNIA - 29865

SECUNIA - 29763

SECUNIA - 28570

SECUNIA - 28213

SECUNIA - 28161

SECUNIA - 28157

SUSE - SUSE-SA:2008:022

SUSE - SUSE-SA:2007:069

APPLE - APPLE-SA-2008-05-28

Related Patches

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update

Adobe APSB07-20 Flash Player 9.0.r115 for IE (Upgrade) (All Languages)

Adobe APSB08-11 Flash Player 9.0.r124 for IE (Upgrade) (All Languages)

Adobe Flash Player 9.0.115 for Mac OS X (PPC)

Adobe Flash Player 9.0.115 for Mac OS X (Universal)

Adobe Flash Player 9.0.124 for Mac OS X (PPC)

Adobe Flash Player 9.0.124 for Mac OS X (Universal)

Adobe APSB08-11 Flash Player 9.0.r124 for Netscape (Upgrade) (All Languages)


Last Updated: 27 May 2016 10:46:08