CVE-2007-4324

N/A Unknown

Published: August 14, 2007 Modified: April 23, 2026

Description

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

Source: cve@mitre.org

http://scan.flashsec.org/

Source: cve@mitre.org

http://secunia.com/advisories/28157

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28161

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28213

Source: cve@mitre.org

http://secunia.com/advisories/28570

Source: cve@mitre.org

http://secunia.com/advisories/30507

Source: cve@mitre.org

http://secunia.com/advisories/32270

Source: cve@mitre.org

http://secunia.com/advisories/32448

Source: cve@mitre.org

http://secunia.com/advisories/32702

Source: cve@mitre.org

http://secunia.com/advisories/32759

Source: cve@mitre.org

http://secunia.com/advisories/33390

Source: cve@mitre.org

http://securityreason.com/securityalert/2995

Source: cve@mitre.org

http://securitytracker.com/id?1019116

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

Source: cve@mitre.org

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=

Source: cve@mitre.org

http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html

Source: cve@mitre.org

http://www.adobe.com/support/security/bulletins/apsb07-20.html

Source: cve@mitre.org

http://www.adobe.com/support/security/bulletins/apsb08-18.html

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-1126.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0945.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0980.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/475961/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/25260

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA07-355A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2007/4258

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1724/references

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2838

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874

Source: cve@mitre.org

http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2