9.3
CVSSv2

CVE-2007-6019

Published: 09/04/2008 Updated: 30/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player 9.0.115.0 and previous versions, and 8.0.39.0 and previous versions, allows remote malicious users to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

Affected Products

Vendor Product Versions
AdobeAir1.0
AdobeFlashBasic, Professional
AdobeFlash Player7.0, 7.0.1, 7.0.25, 7.0.63, 7.0.69.0, 7.0.70.0, 7.0 R67, 7.1, 7.1.1, 7.2, 8, 8.0, 8.0.24.0, 8.0.34.0, 8.0.35.0, 8.0.39.0, 9.0, 9.0.16, 9.0.18d60, 9.0.20, 9.0.20.0, 9.0.28, 9.0.28.0, 9.0.31, 9.0.31.0, 9.0.45.0, 9.0.47.0, 9.0.48.0, 9.0.112.0, 9.0.114.0, 9.0.115.0, 9.0.124.0, 9.0.155.0
AdobeFlex3.0

Vendor Advisories

Debian Bug report logs - #459071 CVE-2007-6637: Multiple cross-site scripting (XSS) vulnerabilities Package: flashplugin-nonfree; Maintainer for flashplugin-nonfree is Bart Martens <bartm@debianorg>; Source for flashplugin-nonfree is src:flashplugin-nonfree (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeri ...

Exploits

source: wwwsecurityfocuscom/bid/28694/info Adobe Flash Player is prone to a remote code-execution vulnerability when handling certain embedded ActionScript objects An attacker may exploit this issue to execute arbitrary code in the context of the affected application Failed exploit attempts will likely result in denial-of-service condi ...