← volver
CVE-2007-5275

CVE-2007-5275

EPSS 6.2%
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://crypto.stanford.edu/dns/dns-rebinding.pdfhttp://lists.apple.com/archives/security-announce/2008//May/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.htmlhttp://secunia.com/advisories/28157http://secunia.com/advisories/28161http://secunia.com/advisories/28213http://secunia.com/advisories/28570http://secunia.com/advisories/29763http://secunia.com/advisories/29865http://secunia.com/advisories/30430http://secunia.com/advisories/30507