Adobe Flash Player sandbox protection bypass updated since 10.08.2007
Published:		24.12.2007
Source:		BUGTRAQ
SecurityVulns ID:		8028
Type:		client
Level:		5/10
Description:		SecurityErrorEvent can be used for client ports scanning.

Affected:		ADOBE : Flash Player 9.0
CVE:		CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not.)

Original document		SECURITEAM, [EXPL] Socket Connection Timing Can Reveal Information About Network Configuration (Exploit) (24.12.2007)
		fukami, Design flaw in AS3 socket handling allows port probing (10.08.2007)

Files:		Flash 9 AS3 TCP-Portprober
Discuss:		Read or add your comments to this news (0 comments)