Published: 09/04/2008 Updated: 30/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Adobe Flash Player 9.0.115.0 and previous versions, and 8.0.39.0 and previous versions, allows remote malicious users to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe flash player 7.0.1
adobe flash player 7.0.25
adobe flash player 8.0
adobe flash player 8
adobe flash player 9.0.16
adobe flash player 9.0.18d60
adobe flash player 9.0.20
adobe flash player 9.0.47.0
adobe flash player 9.0.48.0
adobe flash player 7.0.63
adobe flash player 7.0.69.0
adobe flash player 7.0.70.0
adobe flash player 8.0.24.0
adobe flash player 8.0.34.0
adobe flash player 9.0
adobe flash player 9.0.112.0
adobe flash player 9.0.20.0
adobe flash player 9.0.28
adobe flash professional
adobe flash player 7.0
adobe flash player 7.1.1
adobe flash player 7.2
adobe flash player 9.0.155.0
adobe flash player 9.0.31.0
adobe flash player 9.0.45.0
adobe air 1.0
adobe flex 3.0
adobe flash player 7.0_r67
adobe flash player 7.1
adobe flash player 8.0.35.0
adobe flash player 8.0.39.0
adobe flash player 9.0.114.0
adobe flash player 9.0.124.0
adobe flash player 9.0.28.0
adobe flash player 9.0.31
adobe flash basic
adobe flash player

Debian Bug report logs - #459071 CVE-2007-6637: Multiple cross-site scripting (XSS) vulnerabilities Package: flashplugin-nonfree; Maintainer for flashplugin-nonfree is Bart Martens <bartm@debianorg>; Source for flashplugin-nonfree is src:flashplugin-nonfree (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeri ...

source: wwwsecurityfocuscom/bid/28694/info Adobe Flash Player is prone to a remote code-execution vulnerability when handling certain embedded ActionScript objects An attacker may exploit this issue to execute arbitrary code in the context of the affected application Failed exploit attempts will likely result in denial-of-service condi ...

NVD-CWE-Other http://www.zerodayinitiative.com/advisories/ZDI-08-021 http://www.adobe.com/support/security/bulletins/apsb08-11.html http://www.redhat.com/support/errata/RHSA-2008-0221.html http://www.securityfocus.com/bid/28694 http://www.securitytracker.com/id?1019810 http://www.us-cert.gov/cas/techalerts/TA08-100A.html http://securityreason.com/securityalert/3805 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html http://secunia.com/advisories/29763 http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml http://secunia.com/advisories/29865 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://secunia.com/advisories/30430 http://secunia.com/advisories/30507 http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/advisories/2008/1724/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41717 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160 http://www.securityfocus.com/archive/1/490824/100/0/threaded http://www.securityfocus.com/archive/1/490623/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459071 https://nvd.nist.gov https://www.exploit-db.com/exploits/31630/

CVE-2007-6019

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect