Vulnerability Details : CVE-2007-4324
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions 9.0.124.0 and earlier, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
Products affected by CVE-2007-4324
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4324
- 26.09%: Probability of exploitation activity in the next 30 days
- ~ 96%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4324
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2007-4324
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4324
- http://www.redhat.com/support/errata/RHSA-2007-1126.html
- http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2
- http://www.redhat.com/support/errata/RHSA-2008-0980.html
- http://www.securityfocus.com/bid/25260
- http://secunia.com/advisories/33390
- http://secunia.com/advisories/28570
- http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
- http://www.adobe.com/support/security/bulletins/apsb07-20.html (Adobe Security Bulletins and Advisories)
- http://securitytracker.com/id?1019116
- http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml (Adobe Flash Player: Multiple vulnerabilities (GLSA 200801-07) — Gentoo security)
- http://secunia.com/advisories/28157 (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html ([security-announce] SUSE Security Summary Report: SUSE-SR:2008:025 - openSUSE Security Announce - openSUSE Mailing Lists)
- http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
- http://secunia.com/advisories/28161 (Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA07-355A.html (US Government Resource)
- http://www.vupen.com/english/advisories/2008/2838
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
- http://www.redhat.com/support/errata/RHSA-2008-0945.html
- http://secunia.com/advisories/32759
- http://securityreason.com/securityalert/2995
- http://secunia.com/advisories/28213
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874
- http://scan.flashsec.org/
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=
- http://secunia.com/advisories/32448
- http://secunia.com/advisories/32702
- http://www.securityfocus.com/archive/1/475961/100/0/threaded
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
- http://secunia.com/advisories/30507
- http://secunia.com/advisories/32270
- http://www.adobe.com/support/security/bulletins/apsb08-18.html
- http://www.vupen.com/english/advisories/2008/1724/references
- http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
- http://www.vupen.com/english/advisories/2007/4258
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1