CVE Vulnerabilities

CVE-2007-3456

Published: Jul 11, 2007 | Modified: Oct 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an input validation error, including a signed comparison of values that are assumed to be non-negative.

Affected Software

Name Vendor Start Version End Version
Flash_player Adobe * 9.0.45.0
Flash_player Adobe 9.0.18d60 9.0.18d60
Flash_player Adobe 9.0.20.0 9.0.20.0
Flash_player Adobe 9.0.31.0 9.0.31.0
Flash_player Adobe 9.0.16 9.0.16
Flash_player Adobe 9.0.28.0 9.0.28.0
Flash_player Adobe 9.0.28 9.0.28
Flash_player Adobe 9.0.31 9.0.31
Flash_player Adobe 9.0.20 9.0.20

References