CVE-2007-5275 — Improper Input Validation in Adobe Shockwave Player

Severity
5.0 MEDIUM (NVD)
EPSS
37.2%
top 2.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 8
Latest update: May 1

Description

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-pwqr-x6x9-wjxj: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF… (2022-05-01)
CVEList
CVE-2007-5275: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF… (2007-10-08)

📋 Vendor Advisories (1)

Red Hat
Flash plugin DNS rebinding (2007-10-08)

💬 Community (1)

Bugzilla
CVE-2007-5275 Flash plugin DNS rebinding (2007-11-05)