CVE-2007-3456

2007-07-1116:30:00

CWE-189

mitre

web.nvd.nist.gov

adobe flash player

integer overflow

remote code execution

input validation error

flv

swf

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.967

Percentile

99.7%

JSON

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an “input validation error,” including a signed comparison of values that are assumed to be non-negative.

Affected configurations

Nvd

Node

adobeflash_playerRange≤9.0.45.0

adobeflash_playerMatch9.0.16

adobeflash_playerMatch9.0.18d60

adobeflash_playerMatch9.0.20

adobeflash_playerMatch9.0.20.0

adobeflash_playerMatch9.0.28

adobeflash_playerMatch9.0.28.0

adobeflash_playerMatch9.0.31

adobeflash_playerMatch9.0.31.0

VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
adobeflash_player9.0.16cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
adobeflash_player9.0.18d60cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
adobeflash_player9.0.20cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
adobeflash_player9.0.20.0cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
adobeflash_player9.0.28cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
adobeflash_player9.0.28.0cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
adobeflash_player9.0.31cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
adobeflash_player9.0.31.0cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::
adobe	flash_player	9.0.16	cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
adobe	flash_player	9.0.18d60	cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::*
adobe	flash_player	9.0.20	cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
adobe	flash_player	9.0.20.0	cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
adobe	flash_player	9.0.28	cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
adobe	flash_player	9.0.28.0	cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
adobe	flash_player	9.0.31	cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
adobe	flash_player	9.0.31.0	cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*