FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5275

This CVE name corresponds to:

Entered Topic
2008-01-03 linux-flashplugin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-5275
Phase Assigned (20071008)

Description

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.

References

Source Reference
MISC http://crypto.stanford.edu/dns/dns-rebinding.pdf
CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-20.html
CONFIRM http://www.adobe.com/support/security/bulletins/apsb08-11.html
APPLE APPLE-SA-2008-05-28
GENTOO GLSA-200801-07
GENTOO GLSA-200804-21
REDHAT RHSA-2007:1126
REDHAT RHSA-2008:0221
SUNALERT 238305
SUSE SUSE-SA:2007:069
SUSE SUSE-SA:2008:022
CERT TA07-355A
CERT TA08-100A
CERT TA08-150A
BID 26930
OVAL oval:org.mitre.oval:def:9250
VUPEN ADV-2007-4258
VUPEN ADV-2008-1697
VUPEN ADV-2008-1724
SECTRACK 1019116
SECUNIA 28157
SECUNIA 28161
SECUNIA 28570
SECUNIA 28213
SECUNIA 29763
SECUNIA 29865
SECUNIA 30430
SECUNIA 30507