Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2007-4324

Back to Search

SUSE Linux Security Vulnerability: CVE-2007-4324

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
08/13/2007
Created
07/25/2018
Added
02/17/2015
Modified
07/04/2017

Description

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

Solution(s)

  • suse-upgrade-flash-player
  • suse-upgrade-suse-release

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;