<<< Date Index >>>     <<< Thread Index >>>

Re: Design flaw in AS3 socket handling allows port probing



Adobe released an article at their knowledge base regarding this issue.

# Socket connection timing can reveal information about network configuration
  http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956

The fix is to disable socket functionality for Flash Players version >= 9.0.115 by configuration.


Take care,
  fukami


On 09.08.2007, at 20:21, fukami wrote:
Design flaw in AS3 socket handling allows port probing

# Summary
Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the need to rebind DNS.
[...]
# PoC
   * http://scan.flashsec.org/
[...]
# CVE
    * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324