CVE-2007-0071 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0071
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0071

Description: Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/getrecord.jsp?id=37277 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 ST 1020114 1019811 SAID Secunia Advisory: SA29865 Secunia Advisory: SA29763 Secunia Advisory: SA30404 Secunia Advisory: SA30430 Secunia Advisory: SA30507 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0221.html OSVDB 44282 MISC http://isc.sans.org/diary.html?storyid=4465 http://www.zerodayinitiative.com/advisories/ZDI-08-032/ http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf ISS http://www.iss.net/threats/289.html GENTOO http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml CONFIRM http://www.adobe.com/support/security/bulletins/apsb08-11.html CERT-VN 159523 395473 CERT http://www.us-cert.gov/cas/techalerts/TA08-100A.html http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.us-cert.gov/cas/techalerts/TA08-149A.html BID 28695 29386 APPLE http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

Return to the previous page.