
CVE-2007-4324
Date: (C)2007-08-13   (M)2018-02-19


ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 and other versions, including 9.0.124.0 and earlier, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

CVSS Score and Metrics

CVSS V3 Severity and Metrics: (no values listed)

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:
SECTRACK-1019116
http://www.securityfocus.com/archive/1/archive/1/475961/100/0/threaded
SUNALERT-238305
SUNALERT-248586
BID-25260
SECUNIA-28157
SECUNIA-28161
SECUNIA-28213
SECUNIA-28570
SREASON-2995
SECUNIA-30507
SECUNIA-32270
SECUNIA-32448
SECUNIA-32702
SECUNIA-32759
SECUNIA-33390
ADV-2007-4258
ADV-2008-1724
ADV-2008-2838
GLSA-200801-07
RHSA-2007:1126
RHSA-2008:0945
RHSA-2008:0980
SUSE-SA:2007:069
SUSE-SR:2008:025
TA07-355A
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2
http://scan.flashsec.org/
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/support/security/bulletins/apsb07-20.html
http://www.adobe.com/support/security/bulletins/apsb08-18.html

CPE    1
cpe:/a:adobe:flash_player:9.0.114.0
CWE    1
CWE-264
OVAL    8
oval:org.secpod.oval:def:9342
oval:org.secpod.oval:def:9798
oval:org.secpod.oval:def:9799
oval:org.secpod.oval:def:9816
...

© 2013 SecPod Technologies