CVE-2007-4324 — Improper Input Validation in Adobe Flash Player

CWE-264 CWE-20 — Improper Input Validation8 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

20.0%

top 4.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Shockwave Player

Timeline

PublishedAug 14

Latest updateMay 1

Description

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDadobe/flash_player9.0.114.0

▶NVDadobe/shockwave_player9

🔴Vulnerability Details

GHSA

GHSA-pwqr-x6x9-wjxj: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF↗2022-05-01

▶

GHSA

GHSA-fvv5-4452-jhc8: ActionScript 3 (AS3) in Adobe Flash Player 9↗2022-05-01

▶

📋Vendor Advisories

Red Hat

Flash plugin DNS rebinding↗2007-10-08

▶

Red Hat

Flash movie can determine whether a TCP port is open↗2007-08-09

▶

💬Community

Bugzilla

CVE-2007-5275 Flash plugin DNS rebinding↗2007-11-05

▶

Bugzilla

CVE-2007-4324 Flash movie can determine whether a TCP port is open↗2007-08-15

▶