CVE-2007-0071Improper Input Validation in Adobe Flash Player

CWE-189CWE-20Improper Input Validation7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
84.7%
top 0.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Flash Player
Timeline
PublishedApr 9
Latest updateMay 1

Description

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/flash_player8.08.0.39.0+1

🔴Vulnerability Details

2
GHSA
GHSA-3c7g-3984-748r: Integer overflow in Adobe Flash Player 92022-05-01
VulnCheck
Adobe Flash Player SWF Negative Scene Count Vulnerability2007

📋Vendor Advisories

1
Red Hat
Flash Player input validation error2008-04-08

🕵️Threat Intelligence

2
Talos
Flash Vulnerability Info2008-05-30
Talos
Flash Vulnerability Info2008-05-30

💬Community

1
Bugzilla
CVE-2007-0071 Flash Player input validation error2008-04-04