CVE-2007-6149 — Adobe Connect Enterprise Server vulnerability

CWE-1894 documents4 sources

Severity

10.0CRITICALNVD

EPSS

33.7%

top 3.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Connect Enterprise Server Adobe Flash Media Server 2

Timeline

PublishedFeb 13

Latest updateMay 1

Description

Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDadobe/connect_enterprise_server6

▶NVDadobe/flash_media2.0.4

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-jcph-f36w-q69j: Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2↗2022-05-01

▶

CVEList

CVE-2007-6149: Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2↗2008-02-13

▶

💥Exploits & PoCs

Exploit-DB

Joomla! Component mDigg 2.2.8 - 'category' SQL Injection↗2008-12-24

▶