Bugtraq mailing list archives

Re: Design flaw in AS3 socket handling allows port probing


From: fukami <fukami () sektioneins de>
Date: Thu, 20 Dec 2007 23:53:01 +0100

Adobe released an article in their knowledge base regarding this issue.

# Socket connection timing can reveal information about network configuration
  http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956

The fix is to disable socket functionality for Flash Player versions >= 9.0.115 by configuration.


Take care,
  fukami


On 09.08.2007, at 20:21, fukami wrote:
Design flaw in AS3 socket handling allows port probing

# Summary
Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the need to rebind DNS.
[...]
# PoC
   * http://scan.flashsec.org/
[...]
# CVE
    * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324

