Vulnerability Description
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | <= 9.0.45.0 |
Related Weaknesses (CWE)
References
- http://docs.info.apple.com/article.html?artnum=307041
- http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
- http://osvdb.org/38054
- http://secunia.com/advisories/26027 (Patch, Vendor Advisory)
- http://secunia.com/advisories/26057 (Vendor Advisory)
- http://secunia.com/advisories/26118 (Vendor Advisory)
- http://secunia.com/advisories/26357 (Vendor Advisory)
- http://secunia.com/advisories/27643 (Vendor Advisory)
- http://secunia.com/advisories/28068 (Vendor Advisory)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1
- http://www.adobe.com/support/security/bulletins/apsb07-12.html (Vendor Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml
- http://www.kb.cert.org/vuls/id/730785 (US Government Resource)
- http://www.mindedsecurity.com/labs/advisories/MSA01110707
FAQ
What is CVE-2007-3456?
CVE-2007-3456 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted ...
How severe is CVE-2007-3456?
CVE-2007-3456 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3456?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player.