Vulnerability Description
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Shockwave Player | 9 |
References
- http://crypto.stanford.edu/dns/dns-rebinding.pdf
- http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
- http://secunia.com/advisories/28157
- http://secunia.com/advisories/28161
- http://secunia.com/advisories/28213
- http://secunia.com/advisories/28570
- http://secunia.com/advisories/29763
- http://secunia.com/advisories/29865
- http://secunia.com/advisories/30430
- http://secunia.com/advisories/30507
- http://securitytracker.com/id?1019116
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
- http://www.adobe.com/support/security/bulletins/apsb07-20.html
FAQ
What is CVE-2007-5275?
CVE-2007-5275 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname ...
How severe is CVE-2007-5275?
CVE-2007-5275 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-5275?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Shockwave Player.