CVE-2007-3456

EPSS 56.3%

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/30288unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://osvdb.org/38054 http://secunia.com/advisories/26027 http://secunia.com/advisories/26057 http://secunia.com/advisories/26118 http://secunia.com/advisories/26357 http://secunia.com/advisories/27643 http://secunia.com/advisories/28068 https://exchange.xforce.ibmcloud.com/vulnerabilities/35337 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11493 https://rhn.redhat.com/errata/RHSA-2007-0696.html