PT-2007-4727 · Adobe · Flash Player

Published

2007-07-11

Updated

2018-10-16

CVE-2007-3456

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 9.0.45.0 and earlier

Description The issue is related to an integer overflow that could allow remote attackers to execute arbitrary code. This is achieved by providing a large length value for a Long string or XML variable type in a crafted FLV or SWF file. The problem is attributed to an input validation error, including a signed comparison of values that are assumed to be non-negative.

Recommendations For Adobe Flash Player versions 9.0.45.0 and earlier, consider updating to a version that contains a fix for this issue to prevent potential code execution by remote attackers.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2007-3456

RHSA-2007:0696

Affected Products

Flash Player

PT-2007-4727 · Adobe · Flash Player

CVE-2007-3456

Weakness Enumeration

Related Identifiers

Affected Products

References · 33