CVE-2007-4324 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-4324
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4324

Description: ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions before 9.0.115.0, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not.

CVE Status: Candidate

References: SUSE http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 ST 1019116 SREASON http://securityreason.com/securityalert/2995 SAID Secunia Advisory: SA28157 Secunia Advisory: SA28161 Secunia Advisory: SA28570 Secunia Advisory: SA28213 Secunia Advisory: SA30507 REDHAT http://www.redhat.com/support/errata/RHSA-2007-1126.html MISC http://scan.flashsec.org/ GENTOO http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-20.html http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2 CERT http://www.us-cert.gov/cas/techalerts/TA07-355A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/475961/100/0/threaded BID 25260

Return to the previous page.