Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6019

CWE-20Improper Input Validation6 documents6 sources
Severity
9.3CRITICAL
EPSS
66.2%
top 1.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Adobe Flash PlayerAdobe AIRAdobe Flash+1 more
Timeline
PublishedApr 9
Latest updateMay 1

Description

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDadobe/flash_player9.0.115.0+32
NVDadobe/flashbasic, professional+1
NVDadobe/air1.0
NVDadobe/flex3.0

Patches

Patch: www.adobe.comPatch: www.securityfocus.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-9g7g-pmg2-qx9r: Adobe Flash Player 92022-05-01
CVEList
CVE-2007-6019: Adobe Flash Player 92008-04-09

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash Player 8/9.0.x - '.SWF' File 'DeclareFunction2' ActionScript Tag Remote Code Execution2008-04-08

📋Vendor Advisories

1
Red Hat
Flash Player input validation error2008-04-08

💬Community

1
Bugzilla
CVE-2007-6019 Flash Player input validation error2008-04-04
CVE-2007-6019 (CRITICAL CVSS 9.3) | Adobe Flash Player 9.0.115.0 and ea | cvebase.io