CVE-2007-4324

NONECVSS 0.0

0.0

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

🔗 References (70)

cve@mitrehttp://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
cve@mitrehttp://scan.flashsec.org/
cve@mitrehttp://secunia.com/advisories/28157
cve@mitrehttp://secunia.com/advisories/28161
cve@mitrehttp://secunia.com/advisories/28213
cve@mitrehttp://secunia.com/advisories/28570
cve@mitrehttp://secunia.com/advisories/30507
cve@mitrehttp://secunia.com/advisories/32270
cve@mitrehttp://secunia.com/advisories/32448
cve@mitrehttp://secunia.com/advisories/32702
cve@mitrehttp://secunia.com/advisories/32759
cve@mitrehttp://secunia.com/advisories/33390
cve@mitrehttp://securityreason.com/securityalert/2995

Is Your Infrastructure Affected by CVE-2007-4324?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-4324

📅 Published

🔄 Last Modified

🔗 References (70)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-4324?