CVE-2007-0071
Published 2008-04-09
Priority: P2 · 75 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 92.50% (99.8th percentile)
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | 8.0 – 8.0.39.0 | — |
| adobe | flash_player | 9.0 – 9.0.115.0 | — |
Detection & IOCs
- Look for crafted SWF files containing a negative Scene Count value, which is the trigger for the integer overflow leading to buffer overflow exploitation.
- Malicious SWF files exploiting this CVE were observed circulating in the wild as of 2008-05-27; detections should focus on SWF file parsing of Scene Count fields.
- The vulnerability affects Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier; version 9.0.124.0 was initially reported as affected but was later confirmed to be the patched version.
- Initial 0-day classification by Symantec was incorrect; this was a working implementation of a known vulnerability described by Mark Dowd of IBM X-Force.
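A minimal static check for the Scene Count guidance above, added here as an illustration and not taken from any of the cited sources. It assumes the field is the EncodedU32 at the start of the DefineSceneAndFrameLabelData tag (code 86 in the SWF file format specification, which this page does not name); `scene_counts`, `is_suspicious` and `MAX_BODY` are names chosen for this example.

```python
import struct
import sys
import zlib

TAG_SCENE_DATA = 86          # DefineSceneAndFrameLabelData (SWF spec; assumption, not on this page)
MAX_BODY = 64 * 1024 * 1024  # assumed cap on inflated size for compressed (CWS) files

def read_encoded_u32(buf):
    """Decode a SWF EncodedU32: 7 data bits per byte, at most 5 bytes."""
    value = 0
    for i, byte in enumerate(buf[:5]):
        value |= (byte & 0x7F) << (7 * i)
        if i == 4 or not byte & 0x80:
            return value & 0xFFFFFFFF
    raise ValueError("truncated EncodedU32")

def scene_counts(swf):
    """Yield every Scene Count in the file, reinterpreted as a signed 32-bit int."""
    if swf[:3] not in (b"CWS", b"FWS"):
        raise ValueError("not a SWF file")
    body = swf[8:]
    if swf[:3] == b"CWS":                            # zlib-compressed after byte 8
        body = zlib.decompressobj().decompress(body, MAX_BODY)
    if not body:
        raise ValueError("empty SWF body")
    # Skip the frame-size RECT (5-bit Nbits + 4 fields), frame rate and frame count.
    pos = (5 + 4 * (body[0] >> 3) + 7) // 8 + 4
    while pos + 2 <= len(body):
        (head,) = struct.unpack_from("<H", body, pos)
        code, length, pos = head >> 6, head & 0x3F, pos + 2
        if length == 0x3F and pos + 4 <= len(body):  # long header: 32-bit length follows
            (length,) = struct.unpack_from("<I", body, pos)
            pos += 4
        if code == 0:                                # End tag
            break
        if code == TAG_SCENE_DATA:
            raw = read_encoded_u32(body[pos:pos + length])
            yield raw - (1 << 32) if raw & 0x80000000 else raw
        pos += length

def is_suspicious(swf):
    """True when any Scene Count would look negative to a signed comparison."""
    return any(count < 0 for count in scene_counts(swf))

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "SUSPICIOUS" if is_suspicious(fh.read()) else "ok")
```

A malformed or truncated scene tag raises `ValueError` rather than being skipped, so callers should log that exception as a parse failure.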
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck · 9.3 CRITICAL
vendor_redhat · 9.3 CRITICAL
GHSA
GHSA-3c7g-3984-748r: Integer overflow in Adobe Flash Player 9
ghsa_unreviewed·2022-05-01
CVE-2007-0071 [HIGH] GHSA-3c7g-3984-748r: Integer overflow in Adobe Flash Player 9
VulnCheck
Adobe Flash Player SWF Negative Scene Count Vulnerability
vulncheck·2007·CVSS 9.3
CVE-2007-0071 [CRITICAL] Adobe Flash Player SWF Negative Scene Count Vulnerability
Affected: Adobe Flash Player
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.darkreading.com/cybersecurity-analytics/new-sql-injection-attacks-exploit-adobe-flash-flaw; https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/
Red Hat
Flash Player input validation error
vendor_redhat·2008-04-08·CVSS 9.3
CVE-2007-0071 [CRITICAL] CWE-20 Flash Player input validation error
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-0071 Flash Player input validation error
bugzilla·2008-04-04·CVSS 9.3
CVE-2007-0071 [CRITICAL] CVE-2007-0071 Flash Player input validation error
Adobe Flash Player 9.0.124.0 fixes input validation errors that could result in
the execution of arbitrary code with the permissions of the user running Flash
Player.
Discussion:
Public now via:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Lifting embargo.
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0221.html
Talos
Flash Vulnerability Info
blogs_talos·2008-05-30·CVSS 9.3
[CRITICAL] Flash Vulnerability Info
## Flash Vulnerability Info
On 5-27-2008 Symantec issued a 0-day vulnerability alert pertaining to malicious flash (SWF) files circulating in the wild. The initial Symantec report stated that this issue was unknown and that it affected the latest version 9.0.124.0 of flash player and several other Adobe products that processed SWF files. Further analysis of the exploit files determined that the initial categorization of this as 0-day was incorrect and that this was actually a working implementation of the vulnerability described by Mark Dowd of the IBM X-Force team.
For more details on this flash vulnerability (CVE-2007-0071), take a look at our analysis here:
http://www.snort.org/vrt/docs/analysis/flash-cve-2007-0071.html
Enjoy.