CVE-2007-6245 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

21.8%

top 4.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedDec 20

Latest updateMay 1

Description

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDadobe/flash_player7.0, 8.0, 9.0+2

🔴Vulnerability Details

GHSA

GHSA-4m5r-h54r-8x3g: Adobe Flash Player 9↗2022-05-01

▶

📋Vendor Advisories

Red Hat

flash: HTTP headers modification↗2007-12-17

▶

💬Community

Bugzilla

CVE-2007-6245 flash: HTTP headers modification↗2007-12-06

▶