CVE-2007-3456 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-3456
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3456

Description: Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35337 SUSE http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1 ST 1018359 SAID Secunia Advisory: SA26027 Secunia Advisory: SA26057 Secunia Advisory: SA26118 Secunia Advisory: SA26357 Secunia Advisory: SA27643 Secunia Advisory: SA28068 REDHAT MISC http://www.mindedsecurity.com/labs/advisories/MSA01110707 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-12.html http://docs.info.apple.com/article.html?artnum=307041 CERT-VN 730785 CERT http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.us-cert.gov/cas/techalerts/TA07-192A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/474163/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/473655/100/0/threaded BID 24856 26444 APPLE http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

Return to the previous page.