CVE-2007-4324

Table of Contents

Impact:
Moderate
Public Date:
2007-08-09
Bugzilla:
252292: CVE-2007-4324 Flash movie can determine whether a TCP port is open

The MITRE CVE dictionary describes this issue as:

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

Find out more about CVE-2007-4324 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux AS version 3 Extras (flash-plugin) RHSA-2007:1126 2007-12-18
Red Hat Enterprise Linux AS version 4 Extras (flash-plugin) RHSA-2008:0980 2008-11-12
Red Hat Enterprise Linux Supplementary 5 (flash-plugin) RHSA-2007:1126 2007-12-18
Red Hat Enterprise Linux AS version 3 Extras (flash-plugin) RHSA-2008:0980 2008-11-12
Red Hat Enterprise Linux AS version 4 Extras (flash-plugin) RHSA-2007:1126 2007-12-18
Red Hat Enterprise Linux Supplementary 5 (flash-plugin) RHSA-2008:0945 2008-10-28
Last Modified

CVE description copyright © 2017, The MITRE Corporation