CVE - CVE-2007-4324

CVE-ID
CVE-2007-4324	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:25260 URL:http://www.securityfocus.com/bid/25260 BUGTRAQ:20070809 Design flaw in AS3 socket handling allows port probing URL:http://www.securityfocus.com/archive/1/475961/100/0/threaded CERT:TA07-355A URL:http://www.us-cert.gov/cas/techalerts/TA07-355A.html CONFIRM:http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm CONFIRM:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid= CONFIRM:http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html CONFIRM:http://www.adobe.com/support/security/bulletins/apsb07-20.html CONFIRM:http://www.adobe.com/support/security/bulletins/apsb08-18.html GENTOO:GLSA-200801-07 URL:http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml MISC:http://scan.flashsec.org/ OVAL:oval:org.mitre.oval:def:11874 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874 REDHAT:RHSA-2007:1126 URL:http://www.redhat.com/support/errata/RHSA-2007-1126.html REDHAT:RHSA-2008:0945 URL:http://www.redhat.com/support/errata/RHSA-2008-0945.html REDHAT:RHSA-2008:0980 URL:http://www.redhat.com/support/errata/RHSA-2008-0980.html SECTRACK:1019116 URL:http://securitytracker.com/id?1019116 SECUNIA:28157 URL:http://secunia.com/advisories/28157 SECUNIA:28161 URL:http://secunia.com/advisories/28161 SECUNIA:28213 URL:http://secunia.com/advisories/28213 SECUNIA:28570 URL:http://secunia.com/advisories/28570 SECUNIA:30507 URL:http://secunia.com/advisories/30507 SECUNIA:32270 URL:http://secunia.com/advisories/32270 SECUNIA:32448 URL:http://secunia.com/advisories/32448 SECUNIA:32702 URL:http://secunia.com/advisories/32702 SECUNIA:32759 URL:http://secunia.com/advisories/32759 SECUNIA:33390 URL:http://secunia.com/advisories/33390 SREASON:2995 URL:http://securityreason.com/securityalert/2995 SUNALERT:238305 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1~~ (Obsolete source) SUNALERT:248586 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1~~ (Obsolete source) SUSE:SUSE-SA:2007:069 URL:http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html SUSE:SUSE-SR:2008:025 URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html VUPEN:ADV-2007-4258 URL:~~http://www.vupen.com/english/advisories/2007/4258~~ (Obsolete source) VUPEN:ADV-2008-1724 URL:~~http://www.vupen.com/english/advisories/2008/1724/references~~ (Obsolete source) VUPEN:ADV-2008-2838 URL:~~http://www.vupen.com/english/advisories/2008/2838~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20070813	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070813)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)