CVE-2007-2022 — Sensitive Information Exposure in Adobe Flash Player

CWE-200 — Sensitive Information Exposure CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents10 sources

Severity

6.8MEDIUMNVD

CISA9.8CISA7.8

EPSS

12.0%

top 6.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Opera Browser

Timeline

PublishedApr 13

Latest updateOct 27

Description

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDadobe/flash_player5 versions+4

▶NVDopera/opera_browser44 versions+43

🔴Vulnerability Details

GHSA

GHSA-x42c-gqrm-5gfv: Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9↗2022-05-03

▶

CVEList

CVE-2007-2022: Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9↗2007-04-13

▶

💥Exploits & PoCs

Exploit-DB

News Rover 12.1 Rev 1 - Stack Overflow (2)↗2007-02-24

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2022-2007 Use after free in WebGPU↗2022-06-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2022-2007↗2022-06-09

▶

CISA

Adobe Acrobat and Reader Buffer Overflow Vulnerability↗2022-06-08

▶

CISA

Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability↗2022-04-15

▶

Red Hat

kdebase3 flash-player interaction problem↗2007-05-25

▶

🕵️Threat Intelligence

Trendmicro

Where is the Origin QAKBOT Uses Valid Code Signing↗2022-10-27

▶

💬Community

Bugzilla

CVE-2007-2022 kdebase3 flash-player interaction problem↗2007-06-10

▶