SUSE CVE-2007-4324

ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...

Adobe Flash Player <= 10.1.51 Local File Access Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38517/info Adobe Flash Player is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. package com.lavakumar.imposter...

Flash movie can determine whether a TCP port is open

ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...

Flash 9 AS3 TCP-Portprober

No description provided by source. / Flash 9 AS3 TCP-Portprober this Actionscript Application was created to detect if a given TCP Port on a given host is reachable or not from the host the swf is running on ...

Adobe Flash Player sandbox protection bypass

SecurityErrorEvent can be used for client ports scanning...

Adobe Flash Player ActionScript SecurityErrorEvent绕过安全限制漏洞

BUGTRAQ ID: 25260 CVECAN ID: CVE-2007-4324 Flash Player是一款非常流行的FLASH播放器。 Flash Player中的ActionScript 3（AS3）允许远程攻击者通过指定了连接的SWF电影绕过安全沙盒模型获得敏感信息并端口扫描任意主机，然后使用SecurityErrorEvent错误的定时差异判断端口是否开放。 AS3 Adobe引入了新的套接字相关事件SecurityErrorEvent。当Flash Player试图连接到关闭的TCP端口时会立即出现SecurityErrorEvent，如果服务在监听该端口Flash...

Flash movie can determine whether a TCP port is open

ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...

CVE-2007-4324

ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...

Design flaw in AS3 socket handling allows port probing

Design flaw in AS3 socket handling allows port probing Summary Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the...