Upstream information

CVE-2007-4324 at MITRE

Description

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 and other versions (9.0.124.0 and earlier) allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entries: 332480 [RESOLVED / DUPLICATE], 435201 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE LINUX 10.1
  • flash-player >= 9.0.115.0-0.2
openSUSE 11.0
  • flash-player >= 9.0.151.0-0.1
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • flash-player >= 9.0.48.0-4.4
Builds
ZYPP Patch Nr: 4856
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • flash-player >= 9.0.115.0-0.2
Builds
YOU Patch Nr: 12051
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • flash-player >= 9.0.151.0-0.1
sles9-nld.x86-64
sled10-sp2.x86-64
sles9-nld.x86
sled10-sp2.x86
sled10.x86-64
sled10.x86
ZYPP Patch Nr: 5757