Vulnerability Description
Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Connect Enterprise Server | <= 6 |
| Adobe | Flash Media Server 2 | <= 2.0.4 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=663
- http://secunia.com/advisories/28946
- http://secunia.com/advisories/28947PatchVendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb08-03.html
- http://www.adobe.com/support/security/bulletins/apsb08-04.htmlPatch
- http://www.securityfocus.com/bid/27762
- http://www.securitytracker.com/id?1019398
- http://www.vupen.com/english/advisories/2008/0538/references
- http://www.vupen.com/english/advisories/2008/0539
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=663
- http://secunia.com/advisories/28946
- http://secunia.com/advisories/28947PatchVendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb08-03.html
- http://www.adobe.com/support/security/bulletins/apsb08-04.htmlPatch
- http://www.securityfocus.com/bid/27762
FAQ
What is CVE-2007-6148?
CVE-2007-6148 is a vulnerability with a CVSS score of 10.0 (HIGH). Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspeci...
How severe is CVE-2007-6148?
CVE-2007-6148 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6148?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Connect Enterprise Server, Adobe Flash Media Server 2.