Adobe · Flash Player · CVE-2007-4324
**Name of the Vulnerable Software and Affected Versions**
Adobe Flash Player versions 9.0.47.0 through 9.0.124.0
Adobe Flash Player versions prior to 9.0.115.0
**Description**
The issue allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash movie. The movie specifies a connection, then uses timing discrepancies in the resulting SecurityErrorEvent error to determine whether a port is open.
**Recommendations**
For Adobe Flash Player versions 9.0.47.0 through 9.0.124.0, consider disabling the affected Flash (SWF) movie functionality until a patch is available.
For Adobe Flash Player versions prior to 9.0.115.0, restrict access to the SecurityErrorEvent error to minimize the risk of exploitation.
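
To decide which of the two recommendations above applies to an installation, the version ranges listed on this page can be checked against a software inventory. The following is an added example, not part of the original advisory; the host names and the tab-separated inventory format are constructed. Versions are compared as integer tuples because plain string comparison would wrongly sort 9.0.124.0 before 9.0.47.0.

```python
import re

# Ranges exactly as listed in this advisory.
RANGE_A = ((9, 0, 47, 0), (9, 0, 124, 0))  # "9.0.47.0 through 9.0.124.0" (inclusive)
BEFORE_B = (9, 0, 115, 0)                  # "prior to 9.0.115.0" (exclusive)

def parse_version(text):
    """Accept '9.0.47.0' or the Capabilities.version form 'WIN 9,0,47,0'."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text)
    if not m:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(version_text):
    """Return the advisory ranges (possibly both, possibly none) that match."""
    v = parse_version(version_text)
    hits = []
    if RANGE_A[0] <= v <= RANGE_A[1]:
        hits.append("9.0.47.0-9.0.124.0")
    if v < BEFORE_B:
        hits.append("<9.0.115.0")
    return hits

def triage(inventory_lines):
    """Map host -> matched ranges for 'host<TAB>version' lines.
    Unparseable versions are reported rather than silently skipped."""
    report = {}
    for line in inventory_lines:
        host, _, raw = line.partition("\t")
        try:
            report[host] = classify(raw)
        except ValueError:
            report[host] = ["unparseable"]
    return report

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-01\t9.0.47.0",
    "ws-02\tWIN 9,0,124,0",
    "ws-03\t9.0.28.0",
    "ws-04\t10.0.12.36",
    "ws-05\tunknown",
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE).items():
        print(host, hits or "outside the ranges listed on this page")
```

An empty result only means the version is outside the two ranges stated here; it says nothing about other advisories.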