Red Hat Bugzilla – Bug 252292
CVE-2007-4324 Flash movie can determine whether a TCP port is open
Last modified: 2008-10-08 15:08:30 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4324
to the following vulnerability:
ActionScript 3 (AS3) in Adobe Flash Player 184.108.40.206 allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then using timing discrepancies from the SecurityErrorEvent error to determine whether a host is open or not.
Issue was addressed in supported products by: