CVE-2007-4324 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-4324 Interim 1 5 2023-12-09T02:13:29Z current 2021-05-30T12:39:50Z 2023-12-09T02:13:29Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-4324 ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YECG645MAHRLQRBDBP5THVI2VKSHJZA3/#YECG645MAHRLQRBDBP5THVI2VKSHJZA3 E-Mail link for SUSE-SA:2007:069 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RO2OGFGBEZJTF5QIXBFJMPY2MQ3KVKAL/#RO2OGFGBEZJTF5QIXBFJMPY2MQ3KVKAL E-Mail link for SUSE-SR:2008:025 https://www.suse.com/support/security/rating/ SUSE Security Ratings ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. CVE-2007-4324 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N