CVE-2007-5275

CVE Database · CVE-2007-5275

CVE-2007-5275

· N/AModified

CVSS v3.1

N/A

EPSS

6.15%

Published

Oct 8, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.

Weaknesses (CWE)

CWE-20

Affected Products (1)

adobe · shockwave_playervulnerable

References (20)

http://crypto.stanford.edu/dns/dns-rebinding.pdf

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html

http://secunia.com/advisories/28157

http://secunia.com/advisories/28161

http://secunia.com/advisories/28213