Unrated severityNVD Advisory· Published Aug 14, 2007· Updated Jun 16, 2026
CVE-2007-4324
CVE-2007-4324
Description
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=9.0.114.0
- (no CPE)range: <=9.0.124.0
Patches
Vulnerability mechanics
References
35- secunia.com/advisories/28157nvdVendor Advisory
- secunia.com/advisories/28161nvdVendor Advisory
- www.us-cert.gov/cas/techalerts/TA07-355A.htmlnvdUS Government Resource
- kb.adobe.com/selfservice/viewContent.donvd
- lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlnvd
- scan.flashsec.orgnvd
- secunia.com/advisories/28213nvd
- secunia.com/advisories/28570nvd
- secunia.com/advisories/30507nvd
- secunia.com/advisories/32270nvd
- secunia.com/advisories/32448nvd
- secunia.com/advisories/32702nvd
- secunia.com/advisories/32759nvd
- secunia.com/advisories/33390nvd
- securityreason.com/securityalert/2995nvd
- securitytracker.com/idnvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- support.avaya.com/elmodocs2/security/ASA-2008-440.htmnvd
- support.avaya.com/elmodocs2/security/ASA-2009-020.htmnvd
- support.nortel.com/go/main.jspnvd
- www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.htmlnvd
- www.adobe.com/support/security/bulletins/apsb07-20.htmlnvd
- www.adobe.com/support/security/bulletins/apsb08-18.htmlnvd
- www.gentoo.org/security/en/glsa/glsa-200801-07.xmlnvd
- www.redhat.com/support/errata/RHSA-2007-1126.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0945.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0980.htmlnvd
- www.securityfocus.com/archive/1/475961/100/0/threadednvd
- www.securityfocus.com/bid/25260nvd
- www.vupen.com/english/advisories/2007/4258nvd
- www.vupen.com/english/advisories/2008/1724/referencesnvd
- www.vupen.com/english/advisories/2008/2838nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874nvd
News mentions
0No linked articles in our index yet.