Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2007-AVI-299
Vulnerability from certfr_avis
Plusieurs vulnérabilités affectant Adobe Flash Player permettent, entre autres, l'exécution de code arbitraire à distance.
Description
Plusieurs vulnérabilités ont été découvertes dans différentes versions de Adobe Flash Player :
- une mauvaise validation des données par Adobe Flash Player (versions 9.0.45.0 et antérieures) permet, par le biais d'un fichier au format SWF spécifiquement constitué, l'exécution de code arbitraire à distance (référence CVE-2007-3456) ;
- une mauvaise validation du paramètre HTTP referer par Adobe Flash Player (versions 8.0.34.0 et antérieures, la version 9 n'est pas affectée) permet de réaliser des attaques de type cross-site request forgery (référence CVE-2007-3457) ;
- des mises à jour pour les versions Linux et Solaris d'Adobe Flash Player version 7 corrigent des vulnérabilités décrites dans le bulletin de sécurité Adobe APSA07-03 (référence CVE-2007-2022).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Flash Player versions 9.0.45.0 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Flash Player versions 8.0.34.0 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Flash Player versions 7.0.69.0 et ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans diff\u00e9rentes versions\nde Adobe Flash Player :\n\n- une mauvaise validation des donn\u00e9es par Adobe Flash Player (versions\n 9.0.45.0 et ant\u00e9rieures) permet, par le biais d\u0027un fichier au format\n SWF sp\u00e9cifiquement constitu\u00e9, l\u0027ex\u00e9cution de code arbitraire \u00e0\n distance (r\u00e9f\u00e9rence CVE-2007-3456) ;\n- une mauvaise validation du param\u00e8tre HTTP referer par Adobe Flash\n Player (versions 8.0.34.0 et ant\u00e9rieures, la version 9 n\u0027est pas\n affect\u00e9e) permet de r\u00e9aliser des attaques de type cross-site request\n forgery (r\u00e9f\u00e9rence CVE-2007-3457) ;\n- des mises \u00e0 jour pour les versions Linux et Solaris d\u0027Adobe Flash\n Player version 7 corrigent des vuln\u00e9rabilit\u00e9s d\u00e9crites dans le\n bulletin de s\u00e9curit\u00e9 Adobe APSA07-03 (r\u00e9f\u00e9rence CVE-2007-2022).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2022"
},
{
"name": "CVE-2007-3456",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3456"
},
{
"name": "CVE-2007-3457",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3457"
}
],
"initial_release_date": "2007-07-11T00:00:00",
"last_revision_date": "2007-07-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSA07-03 du 11 avril 2007 :",
"url": "http://www.adobe.com/support/security/advisories/apsa07-03.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB07-12 du 10 juillet 2007 :",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
}
],
"reference": "CERTA-2007-AVI-299",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant \u003cspan class=\"textit\"\u003eAdobe Flash\nPlayer\u003c/span\u003e permettent, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB07 du 10 juillet 2007",
"url": null
}
]
}
CVE-2007-2022 (GCVE-0-2007-2022)
Vulnerability from cvelistv5
Published
2007-04-13 18:00
Modified
2024-08-07 13:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:42.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28068"
},
{
"name": "opera-flash-player-unspecified(33595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33595"
},
{
"name": "25894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25894"
},
{
"name": "26357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26357"
},
{
"name": "SUSE-SA:2007:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html"
},
{
"name": "26860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26860"
},
{
"name": "201506",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1"
},
{
"name": "25669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25669"
},
{
"name": "ADV-2007-4190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4190"
},
{
"name": "MDKSA-2007:138",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1462"
},
{
"name": "23437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23437"
},
{
"name": "GLSA-200708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml"
},
{
"name": "24877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24877"
},
{
"name": "26027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26027"
},
{
"name": "SUSE-SR:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_sr.html"
},
{
"name": "RHSA-2007:0494",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0494.html"
},
{
"name": "TA07-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html"
},
{
"name": "oval:org.mitre.oval:def:9332",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9332"
},
{
"name": "ADV-2007-1361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1361"
},
{
"name": "26118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/advisories/apsa07-03.html"
},
{
"name": "25027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25027"
},
{
"name": "SUSE-SA:2007:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_28_opera.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/support/search/view/858/"
},
{
"name": "25933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25933"
},
{
"name": "ADV-2007-2497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2497"
},
{
"name": "103167",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1"
},
{
"name": "1017903",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017903"
},
{
"name": "20070602-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name": "25662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25662"
},
{
"name": "25432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25432"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28068"
},
{
"name": "opera-flash-player-unspecified(33595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33595"
},
{
"name": "25894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25894"
},
{
"name": "26357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26357"
},
{
"name": "SUSE-SA:2007:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html"
},
{
"name": "26860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26860"
},
{
"name": "201506",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1"
},
{
"name": "25669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25669"
},
{
"name": "ADV-2007-4190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4190"
},
{
"name": "MDKSA-2007:138",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1462"
},
{
"name": "23437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23437"
},
{
"name": "GLSA-200708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml"
},
{
"name": "24877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24877"
},
{
"name": "26027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26027"
},
{
"name": "SUSE-SR:2007:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_12_sr.html"
},
{
"name": "RHSA-2007:0494",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0494.html"
},
{
"name": "TA07-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html"
},
{
"name": "oval:org.mitre.oval:def:9332",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9332"
},
{
"name": "ADV-2007-1361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1361"
},
{
"name": "26118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/advisories/apsa07-03.html"
},
{
"name": "25027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25027"
},
{
"name": "SUSE-SA:2007:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_28_opera.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/support/search/view/858/"
},
{
"name": "25933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25933"
},
{
"name": "ADV-2007-2497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2497"
},
{
"name": "103167",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1"
},
{
"name": "1017903",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017903"
},
{
"name": "20070602-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name": "25662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25662"
},
{
"name": "25432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25432"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28068"
},
{
"name": "opera-flash-player-unspecified(33595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33595"
},
{
"name": "25894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25894"
},
{
"name": "26357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26357"
},
{
"name": "SUSE-SA:2007:046",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html"
},
{
"name": "26860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26860"
},
{
"name": "201506",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1"
},
{
"name": "25669",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25669"
},
{
"name": "ADV-2007-4190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4190"
},
{
"name": "MDKSA-2007:138",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:138"
},
{
"name": "https://issues.rpath.com/browse/RPL-1462",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1462"
},
{
"name": "23437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23437"
},
{
"name": "GLSA-200708-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml"
},
{
"name": "24877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24877"
},
{
"name": "26027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26027"
},
{
"name": "SUSE-SR:2007:012",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_12_sr.html"
},
{
"name": "RHSA-2007:0494",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0494.html"
},
{
"name": "TA07-192A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html"
},
{
"name": "oval:org.mitre.oval:def:9332",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9332"
},
{
"name": "ADV-2007-1361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1361"
},
{
"name": "26118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26118"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa07-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa07-03.html"
},
{
"name": "25027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25027"
},
{
"name": "SUSE-SA:2007:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_28_opera.html"
},
{
"name": "http://www.opera.com/support/search/view/858/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/858/"
},
{
"name": "25933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25933"
},
{
"name": "ADV-2007-2497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2497"
},
{
"name": "103167",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1"
},
{
"name": "1017903",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017903"
},
{
"name": "20070602-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name": "25662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25662"
},
{
"name": "25432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25432"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2022",
"datePublished": "2007-04-13T18:00:00",
"dateReserved": "2007-04-13T00:00:00",
"dateUpdated": "2024-08-07T13:13:42.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3457 (GCVE-0-2007-3457)
Vulnerability from cvelistv5
Published
2007-07-11 16:00
Modified
2024-08-07 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:34.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28068"
},
{
"name": "1018359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018359"
},
{
"name": "26357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26357"
},
{
"name": "SUSE-SA:2007:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html"
},
{
"name": "201506",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1"
},
{
"name": "ADV-2007-4190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4190"
},
{
"name": "38049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/38049"
},
{
"name": "GLSA-200708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml"
},
{
"name": "26027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26027"
},
{
"name": "flashplayer-swf-httpreferer-csrf(35338)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35338"
},
{
"name": "TA07-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html"
},
{
"name": "26118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26118"
},
{
"name": "ADV-2007-2497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2497"
},
{
"name": "103167",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
},
{
"name": "VU#138457",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/138457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28068"
},
{
"name": "1018359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018359"
},
{
"name": "26357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26357"
},
{
"name": "SUSE-SA:2007:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html"
},
{
"name": "201506",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1"
},
{
"name": "ADV-2007-4190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4190"
},
{
"name": "38049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/38049"
},
{
"name": "GLSA-200708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml"
},
{
"name": "26027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26027"
},
{
"name": "flashplayer-swf-httpreferer-csrf(35338)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35338"
},
{
"name": "TA07-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html"
},
{
"name": "26118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26118"
},
{
"name": "ADV-2007-2497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2497"
},
{
"name": "103167",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
},
{
"name": "VU#138457",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/138457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28068"
},
{
"name": "1018359",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018359"
},
{
"name": "26357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26357"
},
{
"name": "SUSE-SA:2007:046",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html"
},
{
"name": "201506",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1"
},
{
"name": "ADV-2007-4190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4190"
},
{
"name": "38049",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/38049"
},
{
"name": "GLSA-200708-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml"
},
{
"name": "26027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26027"
},
{
"name": "flashplayer-swf-httpreferer-csrf(35338)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35338"
},
{
"name": "TA07-192A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html"
},
{
"name": "26118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26118"
},
{
"name": "ADV-2007-2497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2497"
},
{
"name": "103167",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
},
{
"name": "VU#138457",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/138457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3457",
"datePublished": "2007-07-11T16:00:00",
"dateReserved": "2007-06-26T00:00:00",
"dateUpdated": "2024-08-07T14:21:34.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3456 (GCVE-0-2007-3456)
Vulnerability from cvelistv5
Published
2007-07-11 16:00
Modified
2024-08-07 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:34.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28068"
},
{
"name": "1018359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018359"
},
{
"name": "RHSA-2007:0696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2007-0696.html"
},
{
"name": "26357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26357"
},
{
"name": "SUSE-SA:2007:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html"
},
{
"name": "201506",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1"
},
{
"name": "38054",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38054"
},
{
"name": "ADV-2007-4190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4190"
},
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "GLSA-200708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml"
},
{
"name": "26027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26027"
},
{
"name": "flashplayer-swf-code-execution(35337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35337"
},
{
"name": "TA07-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mindedsecurity.com/labs/advisories/MSA01110707"
},
{
"name": "26118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26118"
},
{
"name": "oval:org.mitre.oval:def:11493",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11493"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "VU#730785",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/730785"
},
{
"name": "20070713 [MSA01110707] Flash Player/Plugin Video file parsing Remote CodeExecution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473655/100/0/threaded"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "24856",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24856"
},
{
"name": "ADV-2007-2497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2497"
},
{
"name": "20070720 FLEA-2007-0032-1: flashplayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474248/30/5760/threaded"
},
{
"name": "103167",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "26057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26057"
},
{
"name": "20070719 Wii\u0027s Internet Channel affected to Flash FLV parser vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474163/100/200/threaded"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an \"input validation error,\" including a signed comparison of values that are assumed to be non-negative."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28068"
},
{
"name": "1018359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018359"
},
{
"name": "RHSA-2007:0696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2007-0696.html"
},
{
"name": "26357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26357"
},
{
"name": "SUSE-SA:2007:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html"
},
{
"name": "201506",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1"
},
{
"name": "38054",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38054"
},
{
"name": "ADV-2007-4190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4190"
},
{
"name": "26444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "GLSA-200708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml"
},
{
"name": "26027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26027"
},
{
"name": "flashplayer-swf-code-execution(35337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35337"
},
{
"name": "TA07-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mindedsecurity.com/labs/advisories/MSA01110707"
},
{
"name": "26118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26118"
},
{
"name": "oval:org.mitre.oval:def:11493",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11493"
},
{
"name": "APPLE-SA-2007-11-14",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "VU#730785",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/730785"
},
{
"name": "20070713 [MSA01110707] Flash Player/Plugin Video file parsing Remote CodeExecution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473655/100/0/threaded"
},
{
"name": "ADV-2007-3868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "24856",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24856"
},
{
"name": "ADV-2007-2497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2497"
},
{
"name": "20070720 FLEA-2007-0032-1: flashplayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474248/30/5760/threaded"
},
{
"name": "103167",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1"
},
{
"name": "27643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27643"
},
{
"name": "26057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26057"
},
{
"name": "20070719 Wii\u0027s Internet Channel affected to Flash FLV parser vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474163/100/200/threaded"
},
{
"name": "TA07-319A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an \"input validation error,\" including a signed comparison of values that are assumed to be non-negative."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28068"
},
{
"name": "1018359",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018359"
},
{
"name": "RHSA-2007:0696",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2007-0696.html"
},
{
"name": "26357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26357"
},
{
"name": "SUSE-SA:2007:046",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html"
},
{
"name": "201506",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1"
},
{
"name": "38054",
"refsource": "OSVDB",
"url": "http://osvdb.org/38054"
},
{
"name": "ADV-2007-4190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4190"
},
{
"name": "26444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "GLSA-200708-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml"
},
{
"name": "26027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26027"
},
{
"name": "flashplayer-swf-code-execution(35337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35337"
},
{
"name": "TA07-192A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html"
},
{
"name": "http://www.mindedsecurity.com/labs/advisories/MSA01110707",
"refsource": "MISC",
"url": "http://www.mindedsecurity.com/labs/advisories/MSA01110707"
},
{
"name": "26118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26118"
},
{
"name": "oval:org.mitre.oval:def:11493",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11493"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307041",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "VU#730785",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/730785"
},
{
"name": "20070713 [MSA01110707] Flash Player/Plugin Video file parsing Remote CodeExecution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473655/100/0/threaded"
},
{
"name": "ADV-2007-3868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "24856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24856"
},
{
"name": "ADV-2007-2497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2497"
},
{
"name": "20070720 FLEA-2007-0032-1: flashplayer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474248/30/5760/threaded"
},
{
"name": "103167",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1"
},
{
"name": "27643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27643"
},
{
"name": "26057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26057"
},
{
"name": "20070719 Wii\u0027s Internet Channel affected to Flash FLV parser vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474163/100/200/threaded"
},
{
"name": "TA07-319A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3456",
"datePublished": "2007-07-11T16:00:00",
"dateReserved": "2007-06-26T00:00:00",
"dateUpdated": "2024-08-07T14:21:34.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…