CVE-2007-5275
Flash plugin DNS rebinding
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
Timeline
- 2007-10-08 CVE Reserved
- 2007-10-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Adobe | Shockwave Player | 9 | - | Affected |