Lucene search

K

[email protected]NVD:CVE-2007-4324

HistoryAug 14, 2007 - 12:17 a.m.

CVE-2007-4324

2007-08-1400:17:00

CWE-264

[email protected]

web.nvd.nist.gov

11

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.162

Percentile

96.1%

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

Affected configurations

Nvd

Node

adobeflash_playerRange≤9.0.114.0

References

kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2

lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html

lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

scan.flashsec.org/

secunia.com/advisories/28157

secunia.com/advisories/28161

secunia.com/advisories/28213

secunia.com/advisories/28570

secunia.com/advisories/30507

secunia.com/advisories/32270

secunia.com/advisories/32448

secunia.com/advisories/32702

secunia.com/advisories/32759

secunia.com/advisories/33390

securityreason.com/securityalert/2995

securitytracker.com/id?1019116

sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1

sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1

support.avaya.com/elmodocs2/security/ASA-2008-440.htm

support.avaya.com/elmodocs2/security/ASA-2009-020.htm

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=

www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html

www.adobe.com/support/security/bulletins/apsb07-20.html

www.adobe.com/support/security/bulletins/apsb08-18.html

www.gentoo.org/security/en/glsa/glsa-200801-07.xml

www.redhat.com/support/errata/RHSA-2007-1126.html

www.redhat.com/support/errata/RHSA-2008-0945.html

www.redhat.com/support/errata/RHSA-2008-0980.html

www.securityfocus.com/archive/1/475961/100/0/threaded

www.securityfocus.com/bid/25260

www.us-cert.gov/cas/techalerts/TA07-355A.html

www.vupen.com/english/advisories/2007/4258

www.vupen.com/english/advisories/2008/1724/references

www.vupen.com/english/advisories/2008/2838

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.162

Percentile

96.1%

Related for NVD:CVE-2007-4324

ubuntucve2 securityvulns4 prion2 cvelist2 cve2 seebug1 nvd1 freebsd2 openvas14 nessus16 suse1 gentoo1 redhat3