
CVE ID: CVE-2007-4324
Description: ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 and other versions, and in 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
Test IDs: 1.3.6.1.4.1.25623.1.0.61802  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-4324
BugTraq ID: 25260
http://www.securityfocus.com/bid/25260
Bugtraq: 20070809 Design flaw in AS3 socket handling allows port probing
http://www.securityfocus.com/archive/1/475961/100/0/threaded
Cert/CC Advisory: TA07-355A
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
http://scan.flashsec.org/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874
RedHat Security Advisories: RHSA-2007:1126
http://www.redhat.com/support/errata/RHSA-2007-1126.html
RedHat Security Advisories: RHSA-2008:0945
http://www.redhat.com/support/errata/RHSA-2008-0945.html
RedHat Security Advisories: RHSA-2008:0980
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://securitytracker.com/id?1019116
http://secunia.com/advisories/28157
http://secunia.com/advisories/28161
http://secunia.com/advisories/28213
http://secunia.com/advisories/28570
http://secunia.com/advisories/30507
http://secunia.com/advisories/32270
http://secunia.com/advisories/32448
http://secunia.com/advisories/32702
http://secunia.com/advisories/32759
http://secunia.com/advisories/33390
http://securityreason.com/securityalert/2995
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
SuSE Security Announcement: SUSE-SA:2007:069
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
SuSE Security Announcement: SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://www.vupen.com/english/advisories/2007/4258
http://www.vupen.com/english/advisories/2008/1724/references
http://www.vupen.com/english/advisories/2008/2838



