CVE-2007-4324

Vulnerability

A flaw in ActionScript 3 (AS3) in Adobe Flash Player versions 9.0.47.0 and earlier, as well as other versions up to 9.0.124.0, allows remote attackers to bypass the Security Sandbox Model. The vulnerability is triggered when a Flash (SWF) movie specifies a connection to a host or port. The attacker can then exploit timing discrepancies from the SecurityErrorEvent error to determine whether a remote port is open or closed, effectively conducting a port scan without proper security restrictions [1][2][3][4].

Exploitation

An attacker only needs to craft a malicious SWF file that targets a remote host and port. The SWF file attempts a connection; depending on the timing of the SecurityErrorEvent, the attacker can infer the state of the port. No authentication or special network position is required—the victim simply loads the SWF in a browser with an affected Flash Player version [1][2][3][4].

Impact

Successful exploitation allows a remote attacker to bypass the Security Sandbox Model, obtain sensitive information about the target network (e.g., which ports are open on a host), and perform port scans. This information disclosure can aid further attacks. The attacker does not gain code execution or file write access directly, but the breach of the sandbox compromises the intended security boundaries of Flash Player [1][2][3][4].

Mitigation

Adobe Flash Player 9.0.115.0 introduced a workaround that partially mitigates the issue by altering the timing behavior, but the vulnerability was not fully fixed. Patched versions were eventually released as part of security updates; for example, Red Hat issued RHSA-2008-0980 to update the flash-plugin package. Users should upgrade to a version later than 9.0.124.0 that completely addresses the flaw. No workaround is available for vulnerable versions other than upgrading [1][2][3][4].