CVE-2007-3456
Last modified
CVE-2007-3456 is a vulnerability of currently unknown severity. Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.. EPSS estimates a 56.31% chance of exploitation in the next 30 days.
Description
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | <= 9.0.45.0 |
| Adobe | Flash Player | 9.0.16 |
| Adobe | Flash Player | 9.0.18d60 |
| Adobe | Flash Player | 9.0.20 |
| Adobe | Flash Player | 9.0.20.0 |
| Adobe | Flash Player | 9.0.28 |
| Adobe | Flash Player | 9.0.28.0 |
| Adobe | Flash Player | 9.0.31 |
| Adobe | Flash Player | 9.0.31.0 |
References
- http://secunia.com/advisories/26027Patch, Vendor Advisory
- http://secunia.com/advisories/26057Vendor Advisory
- http://secunia.com/advisories/26118Vendor Advisory
- http://secunia.com/advisories/26357Vendor Advisory
- http://secunia.com/advisories/27643Vendor Advisory
- http://secunia.com/advisories/28068Vendor Advisory
- http://www.kb.cert.org/vuls/id/730785US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA07-192A.htmlUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/2497Vendor Advisory
- http://www.vupen.com/english/advisories/2007/3868Vendor Advisory
- http://www.vupen.com/english/advisories/2007/4190Vendor Advisory
- http://secunia.com/advisories/26027Patch, Vendor Advisory
- http://secunia.com/advisories/26057Vendor Advisory
- http://secunia.com/advisories/26118Vendor Advisory
- http://secunia.com/advisories/26357Vendor Advisory
- http://secunia.com/advisories/27643Vendor Advisory
- http://secunia.com/advisories/28068Vendor Advisory
- http://www.kb.cert.org/vuls/id/730785US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA07-192A.htmlUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/2497Vendor Advisory
- http://www.vupen.com/english/advisories/2007/3868Vendor Advisory
- http://www.vupen.com/english/advisories/2007/4190Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-3456?
How severe is CVE-2007-3456?
How do I fix CVE-2007-3456?
Are you affected by CVE-2007-3456?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST