CVE-2007-4324

Publication date 14 August 2007

Last updated 17 July 2025

Ubuntu priority

Description

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
flashplugin-nonfree	9.04 jaunty	Fixed 10.0.32.18ubuntu0.9.04.1
	8.10 intrepid	Fixed 10.0.32.18ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 9.0.246.0ubuntu1
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 10.0.12.36

References

Other references

https://www.cve.org/CVERecord?id=CVE-2007-4324