cpe:/a:adobe:shockwave_player:9 CVE-2007-5275 2007-10-08T19:17:00.000-04:00 2017-09-28T21:29:32.970-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2007-10-09T11:58:00.000-04:00 SECTRACK 1019116 SUNALERT 238305 BID 26930 SECUNIA 28157 SECUNIA 28161 SECUNIA 28213 SECUNIA 28570 SECUNIA 29763 SECUNIA 29865 SECUNIA 30430 SECUNIA 30507 VUPEN ADV-2007-4258 VUPEN ADV-2008-1697 VUPEN ADV-2008-1724 APPLE APPLE-SA-2008-05-28 GENTOO GLSA-200801-07 GENTOO GLSA-200804-21 REDHAT RHSA-2007:1126 REDHAT RHSA-2008:0221 SUSE SUSE-SA:2007:069 SUSE SUSE-SA:2008:022 CERT TA07-355A CERT TA08-100A CERT TA08-150A MISC http://crypto.stanford.edu/dns/dns-rebinding.pdf CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-20.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb08-11.html The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.