Adobe Flash player multiple security vulnerabilities updated since 12.07.2007
Published:		12.07.2007
Source:		CERT
SecurityVulns ID:		7927
Type:		client
Level:		8/10
Description:		Multiple vulnerabilities lead to code execution and denial of service.

Affected:		ADOBE : Flash Player 9.0
		ADOBE : Flash Player 7.070
		ADOBE : Flex 2.0
		ADOBE : Flash CS3 Professional
		ADOBE : Flash Basic
		ADOBE : Flash Player 8.0.
CVE:		CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file.)
		CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.)

Original document		Minded Security Research Labs, [MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution (14.07.2007)
		CERT, US-CERT Technical Cyber Security Alert TA07-192A -- Adobe Flash Player Updates for Multiple Vulnerabilities (12.07.2007)

Discuss:

Read or add your comments to this news (0 comments)