Lucene search

[email protected]NVD:CVE-2007-6019

HistoryApr 09, 2008 - 9:05 p.m.

CVE-2007-6019

2008-04-0921:05:00

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.278 Low

EPSS

Percentile

96.8%

JSON

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

Affected configurations

NVD

Node

adobeairMatch1.0

adobeflashMatchbasic8

adobeflashMatchprofessional8

adobeflashMatchprofessionalcs3

adobeflash_playerRange≤9.0.115.0

adobeflash_playerMatch7.0

adobeflash_playerMatch7.0.1

adobeflash_playerMatch7.0.25

adobeflash_playerMatch7.0.63

adobeflash_playerMatch7.0.69.0

adobeflash_playerMatch7.0.70.0

adobeflash_playerMatch7.0_r67

adobeflash_playerMatch7.1

adobeflash_playerMatch7.1.1

adobeflash_playerMatch7.2

adobeflash_playerMatch8pro

adobeflash_playerMatch8professional

adobeflash_playerMatch8.0

adobeflash_playerMatch8.0basic

adobeflash_playerMatch8.0pro

adobeflash_playerMatch8.0.24.0

adobeflash_playerMatch8.0.34.0

adobeflash_playerMatch8.0.35.0

adobeflash_playerMatch8.0.39.0

adobeflash_playerMatch9.0

adobeflash_playerMatch9.0.16

adobeflash_playerMatch9.0.16windows

adobeflash_playerMatch9.0.18d60

adobeflash_playerMatch9.0.20

adobeflash_playerMatch9.0.20.0

adobeflash_playerMatch9.0.28

adobeflash_playerMatch9.0.28.0

adobeflash_playerMatch9.0.31

adobeflash_playerMatch9.0.31.0

adobeflash_playerMatch9.0.45.0

adobeflash_playerMatch9.0.47.0

adobeflash_playerMatch9.0.48.0

adobeflash_playerMatch9.0.112.0

adobeflash_playerMatch9.0.114.0

adobeflash_playerMatch9.0.124.0

adobeflash_playerMatch9.0.155.0

adobeflexMatch3.0

References

lists.apple.com/archives/security-announce/2008//May/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html

secunia.com/advisories/29763

secunia.com/advisories/29865

secunia.com/advisories/30430

secunia.com/advisories/30507

securityreason.com/securityalert/3805

sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1

www.adobe.com/support/security/bulletins/apsb08-11.html

www.gentoo.org/security/en/glsa/glsa-200804-21.xml

www.redhat.com/support/errata/RHSA-2008-0221.html

www.securityfocus.com/archive/1/490623/100/0/threaded

www.securityfocus.com/archive/1/490824/100/0/threaded

www.securityfocus.com/bid/28694

www.securitytracker.com/id?1019810

www.us-cert.gov/cas/techalerts/TA08-100A.html

www.us-cert.gov/cas/techalerts/TA08-150A.html

www.vupen.com/english/advisories/2008/1697

www.vupen.com/english/advisories/2008/1724/references

www.zerodayinitiative.com/advisories/ZDI-08-021

exchange.xforce.ibmcloud.com/vulnerabilities/41717

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.278 Low

EPSS

Percentile

96.8%

JSON

Related for NVD:CVE-2007-6019

securityvulns4 cvelist1 cve1 zdi1 seebug2 ubuntucve1 prion1 suse1 openvas8 nessus7 gentoo1 redhat1