Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3456: Improper Input Validation in Adobe Flash Player

Severity: 9.3 CRITICAL (NVD)
EPSS: 63.3% (top 1.59%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jul 11
Latest update: May 1

Description

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: adobe/flash_player 9.0.45.0 +8

Patches

🔴 Vulnerability Details (1)

GHSA: GHSA-9g9c-g893-6m3w: Integer overflow in Adobe Flash Player 9 (2022-05-01)

💥 Exploits & PoCs (1)

Exploit-DB: Adobe Flash Player 8.0.24 - '.SWF' File Handling Remote Code Execution (2007-07-10)

📋 Vendor Advisories (1)

Red Hat: flash-plugin input validation flaw (2007-07-10)

💬 Community (1)

Bugzilla: CVE-2007-3456 flash-plugin input validation flaw (2007-07-09)