Computer Security
[EN] securityvulns.ru no-pyccku


Adobe Flash player multiple security vulnerabilities
updated since 12.07.2007
Published:12.07.2007
Source:
SecurityVulns ID:7927
Type:client
Threat Level:
8/10
Description:Multiple vulnerabilities lead to code execution and denial of service.
Affected:ADOBE : Flash Player 9.0
 ADOBE : Flash Player 7.070
 ADOBE : Flex 2.0
 ADOBE : Flash CS3 Professional
 ADOBE : Flash Basic
 ADOBE : Flash Player 8.0.
CVE:CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file.)
 CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.)
Original documentdocumentMinded Security Research Labs, [MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution (14.07.2007)
 documentCERT, US-CERT Technical Cyber Security Alert TA07-192A -- Adobe Flash Player Updates for Multiple Vulnerabilities (12.07.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod