Adobe Flash Player ActionScript SecurityErrorEvent绕过安全限制漏洞

BUGTRAQ ID: 25260 CVECAN ID: CVE-2007-4324 Flash Player是一款非常流行的FLASH播放器。 Flash Player中的ActionScript 3（AS3）允许远程攻击者通过指定了连接的SWF电影绕过安全沙盒模型获得敏感信息并端口扫描任意主机，然后使用SecurityErrorEvent错误的定时差异判断端口是否开放。 AS3 Adobe引入了新的套接字相关事件SecurityErrorEvent。当Flash Player试图连接到关闭的TCP端口时会立即出现SecurityErrorEvent，如果服务在监听该端口Flash...

Design flaw in AS3 socket handling allows port probing

Design flaw in AS3 socket handling allows port probing Summary Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the...