Lucene search

PRIOn knowledge basePRION:CVE-2007-4324

HistoryAug 14, 2007 - 12:17 a.m.

Design/Logic Flaw

2007-08-1400:17:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.4%

JSON

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

CPENameOperatorVersion
flash_playerle9.0.114.0

CPE	Name	Operator	Version
	flash_player	le	9.0.114.0

References

kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2

lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html

lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

scan.flashsec.org/

secunia.com/advisories/28157

secunia.com/advisories/28161

secunia.com/advisories/28213

secunia.com/advisories/28570

secunia.com/advisories/30507

secunia.com/advisories/32270

secunia.com/advisories/32448

secunia.com/advisories/32702

secunia.com/advisories/32759

secunia.com/advisories/33390

securityreason.com/securityalert/2995

securitytracker.com/id?1019116

sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1

sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1

support.avaya.com/elmodocs2/security/ASA-2008-440.htm

support.avaya.com/elmodocs2/security/ASA-2009-020.htm

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=

www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html

www.adobe.com/support/security/bulletins/apsb07-20.html

www.adobe.com/support/security/bulletins/apsb08-18.html

www.gentoo.org/security/en/glsa/glsa-200801-07.xml

www.redhat.com/support/errata/RHSA-2007-1126.html

www.redhat.com/support/errata/RHSA-2008-0945.html

www.redhat.com/support/errata/RHSA-2008-0980.html

www.securityfocus.com/archive/1/475961/100/0/threaded

www.securityfocus.com/bid/25260

www.us-cert.gov/cas/techalerts/TA07-355A.html

www.vupen.com/english/advisories/2007/4258

www.vupen.com/english/advisories/2008/1724/references

www.vupen.com/english/advisories/2008/2838

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.4%

JSON

Related for PRION:CVE-2007-4324