CVE-2007-4324 Information

Feb 14, 2021 cve

Description

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 and other versions and other 9.0.124.0 and earlier versions allows remote attackers to bypass the Security Sandbox Model obtain sensitive information and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround but does not fix the vulnerability.

Reference

http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://scan.flashsec.org/ http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://secunia.com/advisories/32270 http://secunia.com/advisories/32448 http://secunia.com/advisories/32702 http://secunia.com/advisories/32759 http://secunia.com/advisories/33390 http://securityreason.com/securityalert/2995 http://securitytracker.com/id?1019116 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid= http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.adobe.com/support/security/bulletins/apsb08-18.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml http://www.redhat.com/support/errata/RHSA-2007-1126.html http://www.redhat.com/support/errata/RHSA-2008-0945.html http://www.redhat.com/support/errata/RHSA-2008-0980.html http://www.securityfocus.com/archive/1/475961/100/0/threaded http://www.securityfocus.com/bid/25260 http://www.us-cert.gov/cas/techalerts/TA07-355A.html http://www.vupen.com/english/advisories/2007/4258 http://www.vupen.com/english/advisories/2008/1724/references http://www.vupen.com/english/advisories/2008/2838 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11874

Share on: