{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2007-4324","title":"Title"},{"category":"description","text":"ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not.  NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2007-4324","url":"https://www.suse.com/security/cve/CVE-2007-4324"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 332480 for CVE-2007-4324","url":"https://bugzilla.suse.com/332480"},{"category":"external","summary":"SUSE Bug 435201 for CVE-2007-4324","url":"https://bugzilla.suse.com/435201"},{"category":"external","summary":"Advisory link for SUSE-SA:2007:069","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YECG645MAHRLQRBDBP5THVI2VKSHJZA3/#YECG645MAHRLQRBDBP5THVI2VKSHJZA3"},{"category":"external","summary":"Advisory link for SUSE-SR:2008:025","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RO2OGFGBEZJTF5QIXBFJMPY2MQ3KVKAL/#RO2OGFGBEZJTF5QIXBFJMPY2MQ3KVKAL"}],"title":"SUSE CVE CVE-2007-4324","tracking":{"current_release_date":"2023-12-09T03:40:20Z","generator":{"date":"2023-02-15T06:11:11Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2007-4324","initial_release_date":"2023-02-15T06:11:11Z","revision_history":[{"date":"2023-02-15T06:11:11Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:18:18Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:40:20Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}