CVE-2007-4324

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 9.0.47.0 through 9.0.124.0 Adobe Flash Player versions prior to 9.0.115.0

Description The issue allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash movie. This is achieved by specifying a connection, then using timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not.

Recommendations For Adobe Flash Player versions 9.0.47.0 through 9.0.124.0, consider disabling the affected Flash (SWF) movie functionality until a patch is available. For Adobe Flash Player versions prior to 9.0.115.0, restrict access to the SecurityErrorEvent error to minimize the risk of exploitation.