CVE-2002-1467
Published: 2003-04-22
Priority: P4 · 19 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.91% (77.2th percentile)
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | shockwave_player | — | — |
| macromedia | flash_player | — | — |
| macromedia | flash_player | — | — |
| macromedia | flash_player | — | — |
| macromedia | shockwave | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 5.0 · MEDIUM
GHSA
GHSA-pwqr-x6x9-wjxj · CVE-2007-5275 [MEDIUM] · CWE-20
ghsa_unreviewed · 2022-05-01 · CVSS 5.0
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
GHSA
GHSA-r825-m227-647m · CVE-2002-1467 [MEDIUM]
ghsa_unreviewed · 2022-04-30
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
Red Hat
CVE-2007-5275 [MEDIUM] Flash plugin DNS rebinding
vendor_redhat · 2007-10-08 · CVSS 5.0
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
Red Hat
CVE-2002-1467 [MEDIUM] security flaw
vendor_redhat · 2002-08-08 · CVSS 5.0
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2002-1467 [MEDIUM] security flaw
bugzilla · 2018-08-16 · CVSS 5.0
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
Bugzilla
CVE-2007-5275 [MEDIUM] Flash plugin DNS rebinding
bugzilla · 2007-11-05 · CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5275 to the following vulnerability:
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
References:
http://crypto.stanford.edu/dns/dns-rebinding.pdf
Discussion:
Issue was addressed in supported products by:
https://rhn.redhat.com/errata/RHSA-2007-1126.html
References:
http://online.securityfocus.com/archive/1/286625
http://www.iss.net/security_center/static/9797.php
http://www.macromedia.com/v1/handlers/index.cfm?ID=23294
http://www.securityfocus.com/bid/5429