Vulnerability Description
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | <= 9.0.114.0 |
Related Weaknesses (CWE)
References
- http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://scan.flashsec.org/
- http://secunia.com/advisories/28157 (Vendor Advisory)
- http://secunia.com/advisories/28161 (Vendor Advisory)
- http://secunia.com/advisories/28213
- http://secunia.com/advisories/28570
- http://secunia.com/advisories/30507
- http://secunia.com/advisories/32270
- http://secunia.com/advisories/32448
- http://secunia.com/advisories/32702
- http://secunia.com/advisories/32759
- http://secunia.com/advisories/33390
- http://securityreason.com/securityalert/2995
FAQ
What is CVE-2007-4324?
CVE-2007-4324 is a vulnerability with a CVSS score of 5.0 (MEDIUM). ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive informa...
How severe is CVE-2007-4324?
CVE-2007-4324 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-4324?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player.