Re: Design flaw in AS3 socket handling allows port probing
Adobe released an article in their knowledge base regarding this issue.
# Socket connection timing can reveal information about network configuration
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956
The fix is to disable socket functionality for Flash Player versions >= 9.0.115 by configuration.
Take care,
fukami
On 09.08.2007, at 20:21, fukami wrote:
Design flaw in AS3 socket handling allows port probing
# Summary
Due to a design flaw in ActionScript 3 socket handling, compiled
Flash movies are able to scan for open TCP ports on any host
reachable from the host running the SWF, bypassing the Flash Player
Security Sandbox Model and without the need to rebind DNS.
[...]
# PoC
* http://scan.flashsec.org/
[...]
# CVE
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324
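
An added example, not part of the original post or of Adobe's article: a small audit that reads the text of a Flash Player mms.cfg file and reports whether the socket kill switch mentioned in the reply is in effect. It assumes the setting is named DisableSockets (taken from Adobe's Flash Player administration guide, not from this thread) and a key=value file with '#' comments; the status labels and sample files are constructed for illustration.

```python
# Added example: audit mms.cfg text for the socket kill switch.
# Assumptions (not from the post): the setting name DisableSockets and the
# key=value / '#'-comment layout; conflicting entries are reported, not resolved.

MIN_VERSION = (9, 0, 115)  # first version the post says can be configured this way
TRUE_VALUES = {"1", "true"}
FALSE_VALUES = {"0", "false"}

def parse_version(text):
    """Turn '9.0.115' or '9,0,115,0' into a comparable tuple of ints."""
    parts = text.replace(",", ".").split(".")
    return tuple(int(p) for p in parts if p.strip())

def socket_settings(cfg_text):
    """Return every value given for DisableSockets, in file order."""
    values = []
    for raw in cfg_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, _, value = line.partition("=")
        if key.strip().lower() == "disablesockets":
            values.append(value.strip().lower())
    return values

def audit(cfg_text, player_version):
    """Classify one host: 'too-old', 'disabled', 'enabled', 'conflict' or 'invalid'."""
    if parse_version(player_version) < MIN_VERSION:
        return "too-old"  # setting not available on this player; upgrade first
    values = socket_settings(cfg_text)
    if not values:
        return "enabled"  # no entry at all: sockets stay available
    if any(v not in TRUE_VALUES | FALSE_VALUES for v in values):
        return "invalid"
    states = {v in TRUE_VALUES for v in values}
    if len(states) > 1:
        return "conflict"  # contradictory entries need manual review
    return "disabled" if states.pop() else "enabled"

# Constructed sample files
HARDENED = "# managed by IT\nAutoUpdateDisable=1\nDisableSockets = 1\n"
DEFAULT = "AutoUpdateDisable=1\n"
MIXED = "DisableSockets=1\nDisableSockets=0\n"

if __name__ == "__main__":
    for name, cfg in [("hardened", HARDENED), ("default", DEFAULT), ("mixed", MIXED)]:
        print(name, audit(cfg, "9.0.115"))
```

Anything other than "disabled" means SWF content on that host can still open sockets.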