CVE-2007-4324 – Flash movie can determine whether a TCP port is open
https://notcve.org/view.php?id=CVE-2007-4324
ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. ActionScript versión 3 (AS3) en Adobe Flash Player versiones 9.0.47.0 y 9.0.124.0 y anteriores, permite a atacantes remotos omitir el Security Sandbox Model, obtener información confidencial y analizar puertos hosts arbitrarios por medio de una película Flash (SWF) que especifica una conexión a realizar y, a continuación, usa discrepancias de tiempo del error SecurityErrorEvent para determinar si un puerto está abierto o no. NOTA: la versión 9.0.115.0 introduce soporte para una solución alternativa, pero no corrige esta vulnerabilidad. • http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956&sliceId=2 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://scan.flashsec.org http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/30507 http://secunia.com/advisories/32270 http://secunia.com/ad • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-3456 – Adobe Flash Player 8.0.24 - '.SWF' File Handling Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-3456
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative. El desbordamiento de enteros en Adobe Flash Player versiones 9.0.45.0 y anteriores, podría permitir a los atacantes remotos ejecutar código arbitrario por medio de un valor de longitud grande para un (1) cadena larga o (2) tipo de variable XML en un archivo creado (a) FLV o (b) SWF, relacionado con un "input validation error" incluyendo una comparación firmada de valores que se supone que no son negativos • https://www.exploit-db.com/exploits/30288 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://osvdb.org/38054 http://secunia.com/advisories/26027 http://secunia.com/advisories/26057 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/27643 http://secunia.com/advisories/28068 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1 h • CWE-20: Improper Input Validation CWE-189: Numeric Errors •
CVE-2007-2022 – kdebase3 flash-player interaction problem
https://notcve.org/view.php?id=CVE-2007-2022
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Adobe Macromedia Flash Player versiones 7 y 9, cuando es usado con Opera versiones anteriores a 9.20 o Konqueror anteriores a 20070613, permite a atacantes remotos obtener información confidencial (pulsaciones de teclas del navegador), que son filtradas en la applet de Flash Player. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://secunia.com/advisories/24877 http://secunia.com/advisories/25027 http://secunia.com/advisories/25432 http://secunia.com/advisories/25662 http://secunia.com/advisories/25669 http://secunia.com/advisories/25894 http://secunia.com/advisories/25933 http://secunia.com/advisories/26027 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/26860 http:/& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-5330
https://notcve.org/view.php?id=CVE-2006-5330
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. Vulnerabilidad de inyección CRLF en Adobe Flash Player plugin 9.0.16 y anteriores para Windows, 7.0.63 y anteriores para Linux, 7.x anterior a 7.0 r67 para Solaris y anterior a 9.0.28.0 para Mac OS X, permite a atacantes remotos modificar cabeceras HTTP de las peticiones del cliente y dirigir ataques de división de petición HTTP mediante secuencias CRLF en argumentos a las funciones ActionScript (1) XML.addRequestHeader y (2) XML.contentType. NOTA: la flexibilidad del ataque varía dependiendo del tipo de navegador web utilizado. • http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html http://secunia.com/advisories/22467 http://secunia.com/advisories/23324 http://secunia.com/advisories/23581 http://secunia.com/advisories/24479 http://secunia.com/advisories/25467 http://securityreason.com/securityalert/1737 http://securitytracker.com/id?1017078 http://sunsolve.sun.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-4640
https://notcve.org/view.php?id=CVE-2006-4640
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. Vulnerabilidad no especificada en Adobe Flash Player anterior 9.0.16.0 permite a un atacante remoto con la complicidad del usuario puentear la protección de allowScriptAccess a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/21865 http://secunia.com/advisories/22054 http://secunia.com/advisories/22187 http://secunia.com/advisories/22882 http://www.adobe.com/support/security/bulletins/apsb06-11.html http://www.kb.cert.org/vuls/id/168372 http://www.novell.com/linux/security/advisories/2006_53_flashplayer.html http://www.osvdb.org/28734 http://www.securityfocus.com/bid/19980 http://www.us& • CWE-264: Permissions, Privileges, and Access Controls •