CVE-2007-3456
published 2007-07-11CVE-2007-3456: Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long…
PriorityP359critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
56.31%
98.9th percentile
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | <= 9.0.45.0 | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect crafted SWF or FLV files containing an abnormally large length value for a Long string or XML variable type, which may indicate exploitation of the integer overflow in Adobe Flash Player. ↗
- →Flag delivery of .SWF files from untrusted or unexpected sources to end users, as the exploit vector involves tricking a victim into opening a malicious SWF file. ↗
- →Monitor for Flash Player process executing arbitrary code following parsing of SWF/FLV content, consistent with a signed integer comparison bypass on length values assumed to be non-negative. ↗
- ·Affected versions span multiple major branches of Adobe Flash Player; ensure detection coverage includes all three affected version lines. ↗
- ·The vulnerability is triggered via both FLV and SWF file formats; detection rules should cover both file types, not just SWF. ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9g9c-g893-6m3w: Integer overflow in Adobe Flash Player 9
ghsa_unreviewed·2022-05-01
CVE-2007-3456 [HIGH] GHSA-9g9c-g893-6m3w: Integer overflow in Adobe Flash Player 9
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
Red Hat
flash-plugin input validation flaw
vendor_redhat·2007-07-10·CVSS 9.3
CVE-2007-3456 [CRITICAL] CWE-20 flash-plugin input validation flaw
flash-plugin input validation flaw
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
No detection rules found.
http://docs.info.apple.com/article.html?artnum=307041http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlhttp://osvdb.org/38054http://secunia.com/advisories/26027http://secunia.com/advisories/26057http://secunia.com/advisories/26118http://secunia.com/advisories/26357http://secunia.com/advisories/27643http://secunia.com/advisories/28068http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1http://www.adobe.com/support/security/bulletins/apsb07-12.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200708-01.xmlhttp://www.kb.cert.org/vuls/id/730785http://www.mindedsecurity.com/labs/advisories/MSA01110707http://www.novell.com/linux/security/advisories/2007_46_flashplayer.htmlhttp://www.securityfocus.com/archive/1/473655/100/0/threadedhttp://www.securityfocus.com/archive/1/474163/100/200/threadedhttp://www.securityfocus.com/archive/1/474248/30/5760/threadedhttp://www.securityfocus.com/bid/24856http://www.securityfocus.com/bid/26444http://www.securitytracker.com/id?1018359http://www.us-cert.gov/cas/techalerts/TA07-192A.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-319A.htmlhttp://www.vupen.com/english/advisories/2007/2497http://www.vupen.com/english/advisories/2007/3868http://www.vupen.com/english/advisories/2007/4190https://exchange.xforce.ibmcloud.com/vulnerabilities/35337https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11493https://rhn.redhat.com/errata/RHSA-2007-0696.htmlhttp://docs.info.apple.com/article.html?artnum=307041http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlhttp://osvdb.org/38054http://secunia.com/advisories/26027http://secunia.com/advisories/26057http://secunia.com/advisories/26118http://secunia.com/advisories/26357http://secunia.com/advisories/27643http://secunia.com/advisories/28068http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1http://www.adobe.com/support/security/bulletins/apsb07-12.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200708-01.xmlhttp://www.kb.cert.org/vuls/id/730785http://www.mindedsecurity.com/labs/advisories/MSA01110707http://www.novell.com/linux/security/advisories/2007_46_flashplayer.htmlhttp://www.securityfocus.com/archive/1/473655/100/0/threadedhttp://www.securityfocus.com/archive/1/474163/100/200/threadedhttp://www.securityfocus.com/archive/1/474248/30/5760/threadedhttp://www.securityfocus.com/bid/24856http://www.securityfocus.com/bid/26444http://www.securitytracker.com/id?1018359http://www.us-cert.gov/cas/techalerts/TA07-192A.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-319A.htmlhttp://www.vupen.com/english/advisories/2007/2497http://www.vupen.com/english/advisories/2007/3868http://www.vupen.com/english/advisories/2007/4190https://exchange.xforce.ibmcloud.com/vulnerabilities/35337https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11493https://rhn.redhat.com/errata/RHSA-2007-0696.html
2007-07-11
Published