CVE-2007-5275

EPSS 37.25%
Published 08.10.2007 23:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.

Affected products Warnungen 0 Metrics 2 CWE 1 References 31

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Shockwave Player Version9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	37.25%	0.97

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

http://secunia.com/advisories/30430

http://www.us-cert.gov/cas/techalerts/TA08-150A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/1697

http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html

http://secunia.com/advisories/28157

http://secunia.com/advisories/28161

http://secunia.com/advisories/28213

http://secunia.com/advisories/28570

http://secunia.com/advisories/30507

http://securitytracker.com/id?1019116