CVE - CVE-2007-3456

CVE-ID
CVE-2007-3456	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2007-11-14 URL:http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html BID:24856 URL:http://www.securityfocus.com/bid/24856 BID:26444 URL:http://www.securityfocus.com/bid/26444 BUGTRAQ:20070713 [MSA01110707] Flash Player/Plugin Video file parsing Remote CodeExecution URL:http://www.securityfocus.com/archive/1/473655/100/0/threaded BUGTRAQ:20070719 Wii's Internet Channel affected to Flash FLV parser vulnerability URL:http://www.securityfocus.com/archive/1/474163/100/200/threaded BUGTRAQ:20070720 FLEA-2007-0032-1: flashplayer URL:http://www.securityfocus.com/archive/1/474248/30/5760/threaded CERT:TA07-192A URL:http://www.us-cert.gov/cas/techalerts/TA07-192A.html CERT:TA07-319A URL:http://www.us-cert.gov/cas/techalerts/TA07-319A.html CERT-VN:VU#730785 URL:http://www.kb.cert.org/vuls/id/730785 CONFIRM:http://docs.info.apple.com/article.html?artnum=307041 CONFIRM:http://www.adobe.com/support/security/bulletins/apsb07-12.html GENTOO:GLSA-200708-01 URL:http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml MISC:http://www.mindedsecurity.com/labs/advisories/MSA01110707 OSVDB:38054 URL:~~http://osvdb.org/38054~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11493 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11493 REDHAT:RHSA-2007:0696 URL:https://rhn.redhat.com/errata/RHSA-2007-0696.html SECTRACK:1018359 URL:http://www.securitytracker.com/id?1018359 SECUNIA:26027 URL:http://secunia.com/advisories/26027 SECUNIA:26057 URL:http://secunia.com/advisories/26057 SECUNIA:26118 URL:http://secunia.com/advisories/26118 SECUNIA:26357 URL:http://secunia.com/advisories/26357 SECUNIA:27643 URL:http://secunia.com/advisories/27643 SECUNIA:28068 URL:http://secunia.com/advisories/28068 SUNALERT:103167 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1~~ (Obsolete source) SUNALERT:201506 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1~~ (Obsolete source) SUSE:SUSE-SA:2007:046 URL:http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html VUPEN:ADV-2007-2497 URL:~~http://www.vupen.com/english/advisories/2007/2497~~ (Obsolete source) VUPEN:ADV-2007-3868 URL:~~http://www.vupen.com/english/advisories/2007/3868~~ (Obsolete source) VUPEN:ADV-2007-4190 URL:~~http://www.vupen.com/english/advisories/2007/4190~~ (Obsolete source) XF:flashplayer-swf-code-execution(35337) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35337
Assigning CNA
MITRE Corporation
Date Record Created
20070626	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070626)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)