Launchpad.net

CVE 2007-5275

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.

See the

CVE page on Mitre.org for more details.

References

MISC: http://crypto.stanford...
CONFIRM: http://www.adobe.com/s...
REDHAT: RHSA-2007:1126
BID: 26930
SECTRACK: 1019116
SECUNIA: 28157
SECUNIA: 28161
CERT: TA07-355A
GENTOO: GLSA-200801-07
SECUNIA: 28570
SUSE: SUSE-SA:2007:069
SECUNIA: 28213
CONFIRM: http://www.adobe.com/s...
REDHAT: RHSA-2008:0221
CERT: TA08-100A
SUSE: SUSE-SA:2008:022
SECUNIA: 29763
GENTOO: GLSA-200804-21
SECUNIA: 29865
APPLE: APPLE-SA-2008-05-28
CERT: TA08-150A
SECUNIA: 30430
SUNALERT: 238305
SECUNIA: 30507
VUPEN: ADV-2007-4258
VUPEN: ADV-2008-1697
VUPEN: ADV-2008-1724
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2007-5275

Related bugs

References