CVE-2007-4324

2007-08-1400:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.7%

JSON

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and
other 9.0.124.0 and earlier versions, allows remote attackers to bypass the
Security Sandbox Model, obtain sensitive information, and port scan
arbitrary hosts via a Flash (SWF) movie that specifies a connection to
make, then uses timing discrepancies from the SecurityErrorEvent error to
determine whether a port is open or not. NOTE: 9.0.115.0 introduces
support for a workaround, but does not fix the vulnerability.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/flashplugin-nonfree/+bug/177777>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchflashplugin-nonfree< 10.0.12.36UNKNOWN
ubuntu8.04noarchflashplugin-nonfree< 9.0.246.0ubuntu1UNKNOWN
ubuntu8.10noarchflashplugin-nonfree< 10.0.32.18ubuntu0.8.10.1UNKNOWN
ubuntu9.04noarchflashplugin-nonfree< 10.0.32.18ubuntu0.9.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	flashplugin-nonfree	< 10.0.12.36	UNKNOWN
ubuntu	8.04	noarch	flashplugin-nonfree	< 9.0.246.0ubuntu1	UNKNOWN
ubuntu	8.10	noarch	flashplugin-nonfree	< 10.0.32.18ubuntu0.8.10.1	UNKNOWN
ubuntu	9.04	noarch	flashplugin-nonfree	< 10.0.32.18ubuntu0.9.04.1	UNKNOWN