Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200708-01
HistoryAug 08, 2007 - 12:00 a.m.

Macromedia Flash Player: Remote arbitrary code execution

2007-08-0800:00:00
Gentoo Foundation
security.gentoo.org
17

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.967

Percentile

99.7%

JSON

Background

The Macromedia Flash Player is a renderer for the popular SWF file type which is commonly used to provide interactive websites, digital experiences and mobile content.

Description

Mark Hills discovered some errors when interacting with a browser for keystrokes handling (CVE-2007-2022). Stefano Di Paola and Giorgio Fedon from Minded Security discovered a boundary error when processing FLV files (CVE-2007-3456). An input validation error when processing HTTP referrers has also been reported (CVE-2007-3457).

Impact

A remote attacker could entice a user to open a specially crafted file, possibly leading to the execution of arbitrary code with the privileges of the user running the Macromedia Flash Player, or sensitive data access.

Workaround

There is no known workaround at this time.

Resolution

All Macromedia Flash Player users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-9.0.48.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-plugins/adobe-flash< 9.0.48.0UNKNOWN

Related

nessus 14
openvas 10
freebsd 1
suse 2
securityvulns 3
jvn 1
ubuntucve 3
prion 3
cvelist 3
cve 3
cert 3
nvd 3
redhat 2
checkpoint_advisories 2
exploitdb 1
veracode 1
centos 1
oraclelinux 1
malwarebytes 1
nessus
nessus
GLSA-200708-01 : Macromedia Flash Player: Remote arbitrary code execution
2007-08-13 00:00:00
openSUSE 10 Security Update : flash-player (flash-player-3889)
2007-10-17 00:00:00
FreeBSD : linux-flashplugin -- critical vulnerabilities (b42e8c32-34f6-11dc-9bc9-001921ab2fa4)
2007-07-18 00:00:00
openvas
openvas
FreeBSD Ports: linux-flashplugin
2008-09-04 00:00:00
SuSE Update for flash-player SUSE-SA:2007:046
2009-01-28 00:00:00
FreeBSD Ports: linux-flashplugin
2008-09-04 00:00:00
freebsd
freebsd
linux-flashplugin -- critical vulnerabilities
2007-07-10 00:00:00
suse
suse
remote code execution in flash-player
2007-07-19 14:20:54
cross site scripting, various in opera
2007-04-24 13:07:39
securityvulns
securityvulns
Adobe Flash player multiple security vulnerabilities
2007-07-12 00:00:00
[MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution
2007-07-14 00:00:00
Adobe Macromedia Flash Player code execution
2007-04-16 00:00:00
jvn
jvn
JVN#72595280 Flash Player allows to send arbitrary Referer headers
2007-07-11 00:00:00
ubuntucve
ubuntucve
CVE-2007-3457
2007-07-11 00:00:00
CVE-2007-3456
2007-07-11 00:00:00
CVE-2007-2022
2007-04-13 00:00:00
prion
prion
Cross site request forgery (csrf)
2007-07-11 16:30:00
Integer overflow
2007-07-11 16:30:00
Design/Logic Flaw
2007-04-13 18:19:00
cvelist
cvelist
CVE-2007-3457
2007-07-11 16:00:00
CVE-2007-3456
2007-07-11 16:00:00
CVE-2007-2022
2007-04-13 18:00:00
cve
cve
CVE-2007-3457
2007-07-11 16:30:00
CVE-2007-3456
2007-07-11 16:30:00
CVE-2007-2022
2007-04-13 18:19:00
cert
cert
Adobe Flash Player fails to properly validate HTTP Referers
2007-07-12 00:00:00
Adobe Flash Player FLV integer overflow
2007-07-11 00:00:00
Flash Player information disclosure vulnerability
2007-07-12 00:00:00
nvd
nvd
CVE-2007-3457
2007-07-11 16:30:00
CVE-2007-3456
2007-07-11 16:30:00
CVE-2007-2022
2007-04-13 18:19:00
redhat
redhat
(RHSA-2007:0696) Critical: flash-plugin security update
2007-07-12 00:00:00
(RHSA-2007:0494) Important: kdebase security update
2007-06-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player FLV Processing Buffer Overflow (CVE-2007-3456)
2009-12-14 00:00:00
IPS-1 Updates against Adobe, Microsoft Windows, Microsoft DirectShow and OpenOffice.org Vulnerabilities
2008-02-26 00:00:00
exploitdb
exploitdb
Adobe Flash Player 8.0.24 - &#039;.SWF&#039; File Handling Remote Code Execution
2007-07-10 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:14:45
centos
centos
kdebase security update
2007-06-13 19:26:11
oraclelinux
oraclelinux
Important: kdebase security update
2007-06-13 00:00:00
malwarebytes
malwarebytes
Update Chrome now: Four high risk vulnerabilities found
2022-06-13 14:20:34

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.967

Percentile

99.7%

JSON
Related for GLSA-200708-01
nessus14openvas10freebsd1suse2securityvulns3jvn1ubuntucve3prion3cvelist3cve3cert3nvd3redhat2checkpoint_advisories2exploitdb1veracode1centos1oraclelinux1malwarebytes1