Vulnerability CVE-2007-3456

Vulnerability Name:

CVE-2007-3456 (CCN-35337)

Assigned:

2007-07-10

Published:

2007-07-10

Updated:

2018-10-16

Summary:

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-3456

Source: CCN
Type: Apple Web site
About the security content of Mac OS X 10.4.11 and Security Update 2007-008

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307041

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-11-14

Source: OSVDB
Type: UNKNOWN
38054

Source: CCN
Type: RHSA-2007-0696
Critical: flash-plugin security update

Source: CCN
Type: SA26027
Adobe Flash Player Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
26027

Source: SECUNIA
Type: Vendor Advisory
26057

Source: SECUNIA
Type: Vendor Advisory
26118

Source: SECUNIA
Type: Vendor Advisory
26357

Source: CCN
Type: SA27643
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27643

Source: SECUNIA
Type: Vendor Advisory
28068

Source: CCN
Type: SECTRACK ID: 1018359
Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code or Conduct Cross-Site Request Forgery Attacks

Source: CCN
Type: Sun Alert ID: 103167
Security Vulnerabilities in Adobe Flash Player May Allow Unauthorized System Access or Generation of HTTP Requests

Source: SUNALERT
Type: UNKNOWN
103167

Source: SUNALERT
Type: UNKNOWN
201506

Source: CCN
Type: ASA-2007-362
flash-plugin security update (RHSA-2007-0696)

Source: CCN
Type: ASA-2007-530
Security Vulnerabilities in Adobe Flash Player May Allow Unauthorized System Access or Generation of HTTP Requests (Sun 103167)

Source: CCN
Type: Adobe Product Security Bulletin APSB07-12
Flash Player update available to address security vulnerabilities

Source: CONFIRM
Type: Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb07-12.html

Source: CCN
Type: GLSA-200708-01
Macromedia Flash Player: Remote arbitrary code execution

Source: GENTOO
Type: UNKNOWN
GLSA-200708-01

Source: CCN
Type: US-CERT VU#730785
Adobe Flash Player FLV integer overflow

Source: CERT-VN
Type: US Government Resource
VU#730785

Source: CCN
Type: Minded Security Labs: Advisory #MSA01110707
Flash Player/Plugin Video file parsing Remote Code Execution

Source: MISC
Type: UNKNOWN
http://www.mindedsecurity.com/labs/advisories/MSA01110707

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:046

Source: CCN
Type: OSVDB ID: 38054
Adobe Flash Player Crafted FLV / SWF Handling Overflow

Source: BUGTRAQ
Type: UNKNOWN
20070713 [MSA01110707] Flash Player/Plugin Video file parsing Remote CodeExecution

Source: BUGTRAQ
Type: UNKNOWN
20070719 Wii's Internet Channel affected to Flash FLV parser vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070720 FLEA-2007-0032-1: flashplayer

Source: BID
Type: UNKNOWN
24856

Source: CCN
Type: BID-24856
Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability

Source: BID
Type: UNKNOWN
26444

Source: CCN
Type: BID-26444
Apple Mac OS X v10.4.11 2007-008 Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018359

Source: CCN
Type: TLSA-2007-36
Three vulnerabilities discovered in flash-player

Source: CERT
Type: US Government Resource
TA07-192A

Source: CERT
Type: US Government Resource
TA07-319A

Source: VUPEN
Type: Vendor Advisory
ADV-2007-2497

Source: VUPEN
Type: Vendor Advisory
ADV-2007-3868

Source: VUPEN
Type: Vendor Advisory
ADV-2007-4190

Source: XF
Type: UNKNOWN
flashplayer-swf-code-execution(35337)

Source: XF
Type: UNKNOWN
flashplayer-swf-code-execution(35337)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11493

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0696

Source: SUSE
Type: SUSE-SA:2007:046
flash-player security problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 9.0.45.0)

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20073456	V	CVE-2007-3456	2015-11-16
oval:org.mitre.oval:def:22507	P	ELSA-2007:0696: flash-plugin security update (Critical)	2014-05-26
oval:org.mitre.oval:def:11493	V	Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.	2010-09-06
oval:com.redhat.rhsa:def:20070696	P	RHSA-2007:0696: flash-plugin security update (Critical)	2007-07-12

BACK