Full Disclosure mailing list archives

Re: Design flaw in AS3 socket handling allows port probing


From: fukami <fukami () sektioneins de>
Date: Thu, 20 Dec 2007 23:53:01 +0100

Adobe released an article at their knowledge base regarding this issue.

# Socket connection timing can reveal information about network configuration
   http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956

The fix is to disable socket functionality for Flash Players version = 9.0.115 by configuration.


Take care,
   fukami


On 09.08.2007, at 20:21, fukami wrote:
> Design flaw in AS3 socket handling allows port probing
>
> # Summary
> Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the need to rebind DNS.
> [...]
> # PoC
>    * http://scan.flashsec.org/
> [...]
> # CVE
>    * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/