Vulnerability-Lookup

RHSA-2008_0221

Vulnerability from csaf_redhat - Published: 2008-04-08 23:28 - Updated: 2024-11-14 10:05

Summary

Red Hat Security Advisory: flash-plugin security update

Severity

Critical

Notes

Topic: An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details: The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. Several input validation flaws were found in the way Flash Player displayed certain content. These may have made it possible to execute arbitrary code on a victim's machine, if the victim opened a malicious Adobe Flash file. (CVE-2007-0071, CVE-2007-6019) A flaw was found in the way Flash Player established TCP sessions to remote hosts. A remote attacker could, consequently, use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655) A flaw was found in the way Flash Player restricted the interpretation and usage of cross-domain policy files. A remote attacker could use Flash Player to conduct cross-domain and cross-site scripting attacks. (CVE-2007-6243, CVE-2008-1654) A flaw was found in the way Flash Player interacted with web browsers. An attacker could use malicious content presented by Flash Player to conduct a cross-site scripting attack. (CVE-2007-6637) All users of Adobe Flash Player should upgrade to this updated package, which contains Flash Player version 9.0.124.0 and resolves these issues.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2007-0071

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

CWE-20 - Improper Input Validation

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix

Threats

Impact Critical

CVE-2007-5275

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix

Threats

Impact Low

CVE-2007-6019

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

CWE-20 - Improper Input Validation

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix

Threats

Impact Critical

CVE-2007-6243

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-6637

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2008-1654

Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2008-1655

Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2008-3872

Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations.

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386	—	Vendor Fix fix
Unresolved product id: 4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386	—	Vendor Fix fix
Unresolved product id: 5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386	—	Vendor Fix fix

Threats

Impact Moderate

References

42 references

URL	Category
https://access.redhat.com/errata/RHSA-2008:0221	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=367501	external
https://bugzilla.redhat.com/show_bug.cgi?id=440664	external
https://bugzilla.redhat.com/show_bug.cgi?id=440666	external
https://bugzilla.redhat.com/show_bug.cgi?id=440683	external
https://bugzilla.redhat.com/show_bug.cgi?id=440684	external
https://bugzilla.redhat.com/show_bug.cgi?id=440696	external
https://bugzilla.redhat.com/show_bug.cgi?id=440698	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2007-0071	self
https://bugzilla.redhat.com/show_bug.cgi?id=440684	external
https://www.cve.org/CVERecord?id=CVE-2007-0071	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0071	external
https://access.redhat.com/security/cve/CVE-2007-5275	self
https://bugzilla.redhat.com/show_bug.cgi?id=367501	external
https://www.cve.org/CVERecord?id=CVE-2007-5275	external
https://nvd.nist.gov/vuln/detail/CVE-2007-5275	external
https://access.redhat.com/security/cve/CVE-2007-6019	self
https://bugzilla.redhat.com/show_bug.cgi?id=440683	external
https://www.cve.org/CVERecord?id=CVE-2007-6019	external
https://nvd.nist.gov/vuln/detail/CVE-2007-6019	external
https://access.redhat.com/security/cve/CVE-2007-6243	self
https://bugzilla.redhat.com/show_bug.cgi?id=440664	external
https://www.cve.org/CVERecord?id=CVE-2007-6243	external
https://nvd.nist.gov/vuln/detail/CVE-2007-6243	external
https://access.redhat.com/security/cve/CVE-2007-6637	self
https://bugzilla.redhat.com/show_bug.cgi?id=440666	external
https://www.cve.org/CVERecord?id=CVE-2007-6637	external
https://nvd.nist.gov/vuln/detail/CVE-2007-6637	external
https://access.redhat.com/security/cve/CVE-2008-1654	self
https://bugzilla.redhat.com/show_bug.cgi?id=440698	external
https://www.cve.org/CVERecord?id=CVE-2008-1654	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1654	external
https://access.redhat.com/security/cve/CVE-2008-1655	self
https://bugzilla.redhat.com/show_bug.cgi?id=440696	external
https://www.cve.org/CVERecord?id=CVE-2008-1655	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1655	external
https://access.redhat.com/security/cve/CVE-2008-3872	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618334	external
https://www.cve.org/CVERecord?id=CVE-2008-3872	external
https://nvd.nist.gov/vuln/detail/CVE-2008-3872	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Adobe Flash Player package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise\nLinux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nSeveral input validation flaws were found in the way Flash Player displayed\ncertain content. These may have made it possible to execute arbitrary code\non a victim\u0027s machine, if the victim opened a malicious Adobe Flash file.\n(CVE-2007-0071, CVE-2007-6019)\n\nA flaw was found in the way Flash Player established TCP sessions to remote\nhosts. A remote attacker could, consequently, use Flash Player to conduct a\nDNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)\n\nA flaw was found in the way Flash Player restricted the interpretation and\nusage of cross-domain policy files. A remote attacker could use Flash\nPlayer to conduct cross-domain and cross-site scripting attacks.\n(CVE-2007-6243, CVE-2008-1654)\n\nA flaw was found in the way Flash Player interacted with web browsers. An\nattacker could use malicious content presented by Flash Player to conduct a\ncross-site scripting attack. (CVE-2007-6637)\n\nAll users of Adobe Flash Player should upgrade to this updated package,\nwhich contains Flash Player version 9.0.124.0 and resolves these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0221",
        "url": "https://access.redhat.com/errata/RHSA-2008:0221"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "367501",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=367501"
      },
      {
        "category": "external",
        "summary": "440664",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440664"
      },
      {
        "category": "external",
        "summary": "440666",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440666"
      },
      {
        "category": "external",
        "summary": "440683",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440683"
      },
      {
        "category": "external",
        "summary": "440684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440684"
      },
      {
        "category": "external",
        "summary": "440696",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440696"
      },
      {
        "category": "external",
        "summary": "440698",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440698"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0221.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:05:59+00:00",
      "generator": {
        "date": "2024-11-14T10:05:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2008:0221",
      "initial_release_date": "2008-04-08T23:28:00+00:00",
      "revision_history": [
        {
          "date": "2008-04-08T23:28:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-04-08T19:28:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:05:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
                  "product_id": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.124.0-1.el3.with.oss?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.124.0-1.el5.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.124.0-1.el5.i386",
                  "product_id": "flash-plugin-0:9.0.124.0-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.124.0-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "flash-plugin-0:9.0.124.0-1.el4.i386",
                "product": {
                  "name": "flash-plugin-0:9.0.124.0-1.el4.i386",
                  "product_id": "flash-plugin-0:9.0.124.0-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@9.0.124.0-1.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:9.0.124.0-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        },
        "product_reference": "flash-plugin-0:9.0.124.0-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-0071",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2008-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "440684"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Flash Player input validation error",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0071"
        },
        {
          "category": "external",
          "summary": "RHBZ#440684",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440684"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0071",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0071"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0071",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0071"
        }
      ],
      "release_date": "2008-04-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-08T23:28:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0221"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Flash Player input validation error"
    },
    {
      "cve": "CVE-2007-5275",
      "discovery_date": "2007-11-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "367501"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser\u0027s DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Flash plugin DNS rebinding",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5275"
        },
        {
          "category": "external",
          "summary": "RHBZ#367501",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=367501"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5275"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5275",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5275"
        }
      ],
      "release_date": "2007-10-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-08T23:28:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0221"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Flash plugin DNS rebinding"
    },
    {
      "cve": "CVE-2007-6019",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2008-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "440683"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Flash Player input validation error",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6019"
        },
        {
          "category": "external",
          "summary": "RHBZ#440683",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440683"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6019"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6019",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6019"
        }
      ],
      "release_date": "2008-04-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-08T23:28:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0221"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Flash Player input validation error"
    },
    {
      "cve": "CVE-2007-6243",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "440664"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Flash Player cross-domain and cross-site scripting flaws",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6243"
        },
        {
          "category": "external",
          "summary": "RHBZ#440664",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440664"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6243"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6243",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6243"
        }
      ],
      "release_date": "2007-12-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-08T23:28:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0221"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Flash Player cross-domain and cross-site scripting flaws"
    },
    {
      "cve": "CVE-2007-6637",
      "discovery_date": "2008-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "440666"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to \"pre-generated SWF files\" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect.  NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Flash Player content injection flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6637"
        },
        {
          "category": "external",
          "summary": "RHBZ#440666",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440666"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6637",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6637"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6637",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6637"
        }
      ],
      "release_date": "2008-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-08T23:28:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0221"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Flash Player content injection flaw"
    },
    {
      "cve": "CVE-2008-1654",
      "discovery_date": "2008-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "440698"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Flash Player cross domain HTTP header flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1654"
        },
        {
          "category": "external",
          "summary": "RHBZ#440698",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440698"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1654",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1654"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1654",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1654"
        }
      ],
      "release_date": "2008-04-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-08T23:28:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0221"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Flash Player cross domain HTTP header flaw"
    },
    {
      "cve": "CVE-2008-1655",
      "discovery_date": "2008-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "440696"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Flash Player DNS rebind flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1655"
        },
        {
          "category": "external",
          "summary": "RHBZ#440696",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440696"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1655",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1655"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1655",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1655"
        }
      ],
      "release_date": "2008-04-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-08T23:28:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0221"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Flash Player DNS rebind flaw"
    },
    {
      "cve": "CVE-2008-3872",
      "discovery_date": "2008-09-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618334"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified \"Filter evasion\" manipulations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
          "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
          "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
          "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3872"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618334",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618334"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3872",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3872"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3872",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3872"
        }
      ],
      "release_date": "2008-04-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-08T23:28:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3Desktop-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3ES-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "3WS-LACD:flash-plugin-0:9.0.124.0-1.el3.with.oss.i386",
            "4AS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4Desktop-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4ES-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "4WS-LACD:flash-plugin-0:9.0.124.0-1.el4.i386",
            "5Client-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386",
            "5Server-Supplementary:flash-plugin-0:9.0.124.0-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0221"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

CVE-2007-0071 (GCVE-0-2007-0071)

Vulnerability from cvelistv5 – Published: 2008-04-09 21:00 – Updated: 2024-08-07 12:03

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

32 references

URL	Tags
http://www.securitytracker.com/id?1020114	vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/29865	third-party-advisoryx_refsource_SECUNIA
http://documents.iss.net/whitepapers/IBM_X-Force_…	x_refsource_MISC
http://secunia.com/advisories/30507	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/29386	vdb-entryx_refsource_BID
http://www.us-cert.gov/cas/techalerts/TA08-149A.html	third-party-advisoryx_refsource_CERT
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1724…	vdb-entryx_refsource_VUPEN
http://www.matasano.com/log/1032/this-new-vulnera…	x_refsource_MISC
http://blogs.adobe.com/psirt/2008/05/potential_fl…	x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisoryx_refsource_CERT
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.zerodayinitiative.com/advisories/ZDI-08-032/	x_refsource_MISC
http://www.vupen.com/english/advisories/2008/1662…	vdb-entryx_refsource_VUPEN
http://www.osvdb.org/44282	vdb-entryx_refsource_OSVDB
http://isc.sans.org/diary.html?storyid=4465	x_refsource_MISC
http://secunia.com/advisories/30430	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/28695	vdb-entryx_refsource_BID
http://secunia.com/advisories/29763	third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1019811	vdb-entryx_refsource_SECTRACK
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2008/1697	vdb-entryx_refsource_VUPEN
http://www.kb.cert.org/vuls/id/159523	third-party-advisoryx_refsource_CERT-VN
http://www.us-cert.gov/cas/techalerts/TA08-100A.html	third-party-advisoryx_refsource_CERT
http://www.kb.cert.org/vuls/id/395473	third-party-advisoryx_refsource_CERT-VN
http://www.iss.net/threats/289.html	third-party-advisoryx_refsource_ISS
http://secunia.com/advisories/30404	third-party-advisoryx_refsource_SECUNIA

Date Public ?

2008-04-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:37.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1020114",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020114"
          },
          {
            "name": "29865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29865"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf"
          },
          {
            "name": "30507",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30507"
          },
          {
            "name": "29386",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29386"
          },
          {
            "name": "TA08-149A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-149A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "ADV-2008-1724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1724/references"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html"
          },
          {
            "name": "RHSA-2008:0221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10379",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/"
          },
          {
            "name": "ADV-2008-1662",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1662/references"
          },
          {
            "name": "44282",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/44282"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=4465"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "SUSE-SA:2008:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
          },
          {
            "name": "28695",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28695"
          },
          {
            "name": "29763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29763"
          },
          {
            "name": "1019811",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019811"
          },
          {
            "name": "238305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
          },
          {
            "name": "GLSA-200804-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
          },
          {
            "name": "multimedia-file-integer-overflow(37277)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "VU#159523",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/159523"
          },
          {
            "name": "TA08-100A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
          },
          {
            "name": "VU#395473",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/395473"
          },
          {
            "name": "20080408 Adobe Flash Player Invalid Pointer Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://www.iss.net/threats/289.html"
          },
          {
            "name": "30404",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30404"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T22:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1020114",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020114"
        },
        {
          "name": "29865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29865"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf"
        },
        {
          "name": "30507",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30507"
        },
        {
          "name": "29386",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29386"
        },
        {
          "name": "TA08-149A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-149A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
        },
        {
          "name": "ADV-2008-1724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1724/references"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html"
        },
        {
          "name": "RHSA-2008:0221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10379",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/"
        },
        {
          "name": "ADV-2008-1662",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1662/references"
        },
        {
          "name": "44282",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/44282"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=4465"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "SUSE-SA:2008:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
        },
        {
          "name": "28695",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28695"
        },
        {
          "name": "29763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29763"
        },
        {
          "name": "1019811",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019811"
        },
        {
          "name": "238305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
        },
        {
          "name": "GLSA-200804-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
        },
        {
          "name": "multimedia-file-integer-overflow(37277)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "VU#159523",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/159523"
        },
        {
          "name": "TA08-100A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
        },
        {
          "name": "VU#395473",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/395473"
        },
        {
          "name": "20080408 Adobe Flash Player Invalid Pointer Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://www.iss.net/threats/289.html"
        },
        {
          "name": "30404",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30404"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0071",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1020114",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020114"
            },
            {
              "name": "29865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29865"
            },
            {
              "name": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf",
              "refsource": "MISC",
              "url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf"
            },
            {
              "name": "30507",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30507"
            },
            {
              "name": "29386",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29386"
            },
            {
              "name": "TA08-149A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-149A.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "ADV-2008-1724",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1724/references"
            },
            {
              "name": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/",
              "refsource": "MISC",
              "url": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/"
            },
            {
              "name": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html",
              "refsource": "MISC",
              "url": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html"
            },
            {
              "name": "RHSA-2008:0221",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10379",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/"
            },
            {
              "name": "ADV-2008-1662",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1662/references"
            },
            {
              "name": "44282",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/44282"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=4465",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=4465"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "SUSE-SA:2008:022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
            },
            {
              "name": "28695",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28695"
            },
            {
              "name": "29763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29763"
            },
            {
              "name": "1019811",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019811"
            },
            {
              "name": "238305",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
            },
            {
              "name": "GLSA-200804-21",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
            },
            {
              "name": "multimedia-file-integer-overflow(37277)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "VU#159523",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/159523"
            },
            {
              "name": "TA08-100A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
            },
            {
              "name": "VU#395473",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/395473"
            },
            {
              "name": "20080408 Adobe Flash Player Invalid Pointer Vulnerability",
              "refsource": "ISS",
              "url": "http://www.iss.net/threats/289.html"
            },
            {
              "name": "30404",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30404"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0071",
    "datePublished": "2008-04-09T21:00:00.000Z",
    "dateReserved": "2007-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-07T12:03:37.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5275 (GCVE-0-2007-5275)

Vulnerability from cvelistv5 – Published: 2007-10-08 23:00 – Updated: 2024-08-07 15:24

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

28 references

URL	Tags
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/29865	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/28157	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/30507	third-party-advisoryx_refsource_SECUNIA
http://crypto.stanford.edu/dns/dns-rebinding.pdf	x_refsource_MISC
http://secunia.com/advisories/28570	third-party-advisoryx_refsource_SECUNIA
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1724…	vdb-entryx_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA07-355A.html	third-party-advisoryx_refsource_CERT
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisoryx_refsource_CERT
http://secunia.com/advisories/30430	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/28161	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-11…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/29763	third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.securityfocus.com/bid/26930	vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2007/4258	vdb-entryx_refsource_VUPEN
http://securitytracker.com/id?1019116	vdb-entryx_refsource_SECTRACK
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www.vupen.com/english/advisories/2008/1697	vdb-entryx_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA08-100A.html	third-party-advisoryx_refsource_CERT
http://secunia.com/advisories/28213	third-party-advisoryx_refsource_SECUNIA
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM

Date Public ?

2007-07-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:42.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SA:2007:069",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
          },
          {
            "name": "29865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29865"
          },
          {
            "name": "28157",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28157"
          },
          {
            "name": "30507",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30507"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
          },
          {
            "name": "28570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28570"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "ADV-2008-1724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1724/references"
          },
          {
            "name": "TA07-355A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9250",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250"
          },
          {
            "name": "GLSA-200801-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
          },
          {
            "name": "RHSA-2008:0221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "SUSE-SA:2008:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
          },
          {
            "name": "28161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28161"
          },
          {
            "name": "RHSA-2007:1126",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
          },
          {
            "name": "29763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29763"
          },
          {
            "name": "238305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
          },
          {
            "name": "26930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26930"
          },
          {
            "name": "ADV-2007-4258",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4258"
          },
          {
            "name": "1019116",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019116"
          },
          {
            "name": "GLSA-200804-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "TA08-100A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
          },
          {
            "name": "28213",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28213"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser\u0027s DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SA:2007:069",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
        },
        {
          "name": "29865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29865"
        },
        {
          "name": "28157",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28157"
        },
        {
          "name": "30507",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30507"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
        },
        {
          "name": "28570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28570"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
        },
        {
          "name": "ADV-2008-1724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1724/references"
        },
        {
          "name": "TA07-355A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9250",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250"
        },
        {
          "name": "GLSA-200801-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
        },
        {
          "name": "RHSA-2008:0221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "SUSE-SA:2008:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
        },
        {
          "name": "28161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28161"
        },
        {
          "name": "RHSA-2007:1126",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
        },
        {
          "name": "29763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29763"
        },
        {
          "name": "238305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
        },
        {
          "name": "26930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26930"
        },
        {
          "name": "ADV-2007-4258",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4258"
        },
        {
          "name": "1019116",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019116"
        },
        {
          "name": "GLSA-200804-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "TA08-100A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
        },
        {
          "name": "28213",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28213"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser\u0027s DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SA:2007:069",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
            },
            {
              "name": "29865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29865"
            },
            {
              "name": "28157",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28157"
            },
            {
              "name": "30507",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30507"
            },
            {
              "name": "http://crypto.stanford.edu/dns/dns-rebinding.pdf",
              "refsource": "MISC",
              "url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
            },
            {
              "name": "28570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28570"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "ADV-2008-1724",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1724/references"
            },
            {
              "name": "TA07-355A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9250",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250"
            },
            {
              "name": "GLSA-200801-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
            },
            {
              "name": "RHSA-2008:0221",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "SUSE-SA:2008:022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
            },
            {
              "name": "28161",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28161"
            },
            {
              "name": "RHSA-2007:1126",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html"
            },
            {
              "name": "29763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29763"
            },
            {
              "name": "238305",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
            },
            {
              "name": "26930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26930"
            },
            {
              "name": "ADV-2007-4258",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4258"
            },
            {
              "name": "1019116",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019116"
            },
            {
              "name": "GLSA-200804-21",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "TA08-100A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
            },
            {
              "name": "28213",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28213"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5275",
    "datePublished": "2007-10-08T23:00:00.000Z",
    "dateReserved": "2007-10-08T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:24:42.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6019 (GCVE-0-2007-6019)

Vulnerability from cvelistv5 – Published: 2008-04-09 21:00 – Updated: 2024-08-07 15:54

Summary

Severity ?

No CVSS data available.

CWE

Assigner

flexera

References

22 references

URL	Tags
http://secunia.com/advisories/29865	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/30507	third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1019810	vdb-entryx_refsource_SECTRACK
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1724…	vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
http://securityreason.com/securityalert/3805	third-party-advisoryx_refsource_SREASON
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisoryx_refsource_CERT
http://secunia.com/advisories/30430	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/archive/1/490824/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/29763	third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.securityfocus.com/archive/1/490623/100…	mailing-listx_refsource_BUGTRAQ
http://www.zerodayinitiative.com/advisories/ZDI-08-021	x_refsource_MISC
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www.vupen.com/english/advisories/2008/1697	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/28694	vdb-entryx_refsource_BID
http://www.us-cert.gov/cas/techalerts/TA08-100A.html	third-party-advisoryx_refsource_CERT

Date Public ?

2008-04-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:25.719Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29865"
          },
          {
            "name": "oval:org.mitre.oval:def:10160",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
          },
          {
            "name": "30507",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30507"
          },
          {
            "name": "1019810",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019810"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "ADV-2008-1724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1724/references"
          },
          {
            "name": "adobe-flash-declarefunction2-bo(41717)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
          },
          {
            "name": "RHSA-2008:0221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
          },
          {
            "name": "3805",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3805"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "SUSE-SA:2008:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
          },
          {
            "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
          },
          {
            "name": "29763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29763"
          },
          {
            "name": "238305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
          },
          {
            "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
          },
          {
            "name": "GLSA-200804-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "28694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28694"
          },
          {
            "name": "TA08-100A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "29865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29865"
        },
        {
          "name": "oval:org.mitre.oval:def:10160",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
        },
        {
          "name": "30507",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30507"
        },
        {
          "name": "1019810",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019810"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
        },
        {
          "name": "ADV-2008-1724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1724/references"
        },
        {
          "name": "adobe-flash-declarefunction2-bo(41717)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
        },
        {
          "name": "RHSA-2008:0221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
        },
        {
          "name": "3805",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3805"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "SUSE-SA:2008:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
        },
        {
          "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
        },
        {
          "name": "29763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29763"
        },
        {
          "name": "238305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
        },
        {
          "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
        },
        {
          "name": "GLSA-200804-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "28694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28694"
        },
        {
          "name": "TA08-100A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2007-6019",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29865"
            },
            {
              "name": "oval:org.mitre.oval:def:10160",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
            },
            {
              "name": "30507",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30507"
            },
            {
              "name": "1019810",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019810"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "ADV-2008-1724",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1724/references"
            },
            {
              "name": "adobe-flash-declarefunction2-bo(41717)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
            },
            {
              "name": "RHSA-2008:0221",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
            },
            {
              "name": "3805",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3805"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "SUSE-SA:2008:022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
            },
            {
              "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
            },
            {
              "name": "29763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29763"
            },
            {
              "name": "238305",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
            },
            {
              "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-021",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
            },
            {
              "name": "GLSA-200804-21",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "28694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28694"
            },
            {
              "name": "TA08-100A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2007-6019",
    "datePublished": "2008-04-09T21:00:00.000Z",
    "dateReserved": "2007-11-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:54:25.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6243 (GCVE-0-2007-6243)

Vulnerability from cvelistv5 – Published: 2007-12-20 01:00 – Updated: 2024-08-07 16:02

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

41 references

URL	Tags
http://support.nortel.com/go/main.jsp?cscat=BLTND…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/29865	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/33390	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/30507	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/28570	third-party-advisoryx_refsource_SECUNIA
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
http://secunia.com/advisories/32702	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1724…	vdb-entryx_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA07-355A.html	third-party-advisoryx_refsource_CERT
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisoryx_refsource_CERT
http://jvn.jp/jp/JVN%2345675516/index.html	third-party-advisoryx_refsource_JVN
http://www.kb.cert.org/vuls/id/935737	third-party-advisoryx_refsource_CERT-VN
http://www.adobe.com/devnet/flashplayer/articles/…	x_refsource_MISC
http://secunia.com/advisories/30430	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/26929	vdb-entryx_refsource_BID
http://secunia.com/advisories/28161	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/32759	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29763	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-09…	vendor-advisoryx_refsource_REDHAT
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.redhat.com/support/errata/RHSA-2008-09…	vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2007/4258	vdb-entryx_refsource_VUPEN
http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
http://securitytracker.com/id?1019116	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/26966	vdb-entryx_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www.vupen.com/english/advisories/2008/1697	vdb-entryx_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://secunia.com/advisories/32448	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.us-cert.gov/cas/techalerts/TA08-100A.html	third-party-advisoryx_refsource_CERT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/28213	third-party-advisoryx_refsource_SECUNIA
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM

Date Public ?

2007-12-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:02:36.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
          },
          {
            "name": "SUSE-SA:2007:069",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
          },
          {
            "name": "29865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29865"
          },
          {
            "name": "33390",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33390"
          },
          {
            "name": "30507",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30507"
          },
          {
            "name": "28570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28570"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11069",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
          },
          {
            "name": "32702",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32702"
          },
          {
            "name": "ADV-2008-1724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1724/references"
          },
          {
            "name": "TA07-355A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
          },
          {
            "name": "GLSA-200801-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
          },
          {
            "name": "RHSA-2008:0221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "JVN#45675516",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/jp/JVN%2345675516/index.html"
          },
          {
            "name": "VU#935737",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/935737"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "SUSE-SA:2008:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
          },
          {
            "name": "26929",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26929"
          },
          {
            "name": "28161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28161"
          },
          {
            "name": "32759",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32759"
          },
          {
            "name": "29763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29763"
          },
          {
            "name": "RHSA-2008:0945",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0945.html"
          },
          {
            "name": "238305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
          },
          {
            "name": "RHSA-2008:0980",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
          },
          {
            "name": "ADV-2007-4258",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4258"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
          },
          {
            "name": "1019116",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019116"
          },
          {
            "name": "26966",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26966"
          },
          {
            "name": "GLSA-200804-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "248586",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
          },
          {
            "name": "32448",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32448"
          },
          {
            "name": "adobe-unspecified-security-bypass(39129)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39129"
          },
          {
            "name": "TA08-100A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
          },
          {
            "name": "SUSE-SR:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
          },
          {
            "name": "28213",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28213"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
        },
        {
          "name": "SUSE-SA:2007:069",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
        },
        {
          "name": "29865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29865"
        },
        {
          "name": "33390",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33390"
        },
        {
          "name": "30507",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30507"
        },
        {
          "name": "28570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28570"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11069",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
        },
        {
          "name": "32702",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32702"
        },
        {
          "name": "ADV-2008-1724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1724/references"
        },
        {
          "name": "TA07-355A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
        },
        {
          "name": "GLSA-200801-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
        },
        {
          "name": "RHSA-2008:0221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "JVN#45675516",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/jp/JVN%2345675516/index.html"
        },
        {
          "name": "VU#935737",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/935737"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "SUSE-SA:2008:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
        },
        {
          "name": "26929",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26929"
        },
        {
          "name": "28161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28161"
        },
        {
          "name": "32759",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32759"
        },
        {
          "name": "29763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29763"
        },
        {
          "name": "RHSA-2008:0945",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0945.html"
        },
        {
          "name": "238305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
        },
        {
          "name": "RHSA-2008:0980",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
        },
        {
          "name": "ADV-2007-4258",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4258"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
        },
        {
          "name": "1019116",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019116"
        },
        {
          "name": "26966",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26966"
        },
        {
          "name": "GLSA-200804-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "248586",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
        },
        {
          "name": "32448",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32448"
        },
        {
          "name": "adobe-unspecified-security-bypass(39129)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39129"
        },
        {
          "name": "TA08-100A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
        },
        {
          "name": "SUSE-SR:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
        },
        {
          "name": "28213",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28213"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid=",
              "refsource": "CONFIRM",
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
            },
            {
              "name": "SUSE-SA:2007:069",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html"
            },
            {
              "name": "29865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29865"
            },
            {
              "name": "33390",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33390"
            },
            {
              "name": "30507",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30507"
            },
            {
              "name": "28570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28570"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11069",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
            },
            {
              "name": "32702",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32702"
            },
            {
              "name": "ADV-2008-1724",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1724/references"
            },
            {
              "name": "TA07-355A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html"
            },
            {
              "name": "GLSA-200801-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml"
            },
            {
              "name": "RHSA-2008:0221",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "JVN#45675516",
              "refsource": "JVN",
              "url": "http://jvn.jp/jp/JVN%2345675516/index.html"
            },
            {
              "name": "VU#935737",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/935737"
            },
            {
              "name": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html",
              "refsource": "MISC",
              "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "SUSE-SA:2008:022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
            },
            {
              "name": "26929",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26929"
            },
            {
              "name": "28161",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28161"
            },
            {
              "name": "32759",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32759"
            },
            {
              "name": "29763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29763"
            },
            {
              "name": "RHSA-2008:0945",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0945.html"
            },
            {
              "name": "238305",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
            },
            {
              "name": "RHSA-2008:0980",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
            },
            {
              "name": "ADV-2007-4258",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4258"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
            },
            {
              "name": "1019116",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019116"
            },
            {
              "name": "26966",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26966"
            },
            {
              "name": "GLSA-200804-21",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "248586",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
            },
            {
              "name": "32448",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32448"
            },
            {
              "name": "adobe-unspecified-security-bypass(39129)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39129"
            },
            {
              "name": "TA08-100A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
            },
            {
              "name": "SUSE-SR:2008:025",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
            },
            {
              "name": "28213",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28213"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6243",
    "datePublished": "2007-12-20T01:00:00.000Z",
    "dateReserved": "2007-12-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T16:02:36.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6637 (GCVE-0-2007-6637)

Vulnerability from cvelistv5 – Published: 2008-01-04 00:00 – Updated: 2024-08-07 16:11

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

18 references

URL	Tags
http://secunia.com/advisories/29865	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/30507	third-party-advisoryx_refsource_SECUNIA
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1724…	vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisoryx_refsource_CERT
http://secunia.com/advisories/30430	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/27034	vdb-entryx_refsource_BID
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/29763	third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www.vupen.com/english/advisories/2008/1697	vdb-entryx_refsource_VUPEN
http://securitytracker.com/id?1019141	vdb-entryx_refsource_SECTRACK
http://www.adobe.com/support/security/advisories/…	x_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA08-100A.html	third-party-advisoryx_refsource_CERT

Date Public ?

2007-12-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:11:06.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29865"
          },
          {
            "name": "30507",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30507"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "ADV-2008-1724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1724/references"
          },
          {
            "name": "RHSA-2008:0221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "27034",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27034"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "SUSE-SA:2008:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
          },
          {
            "name": "29763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29763"
          },
          {
            "name": "238305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
          },
          {
            "name": "oval:org.mitre.oval:def:9828",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9828"
          },
          {
            "name": "GLSA-200804-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "1019141",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019141"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa07-06.html"
          },
          {
            "name": "TA08-100A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to \"pre-generated SWF files\" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect.  NOTE: the asfunction: vector is already covered by CVE-2007-6244.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "29865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29865"
        },
        {
          "name": "30507",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30507"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
        },
        {
          "name": "ADV-2008-1724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1724/references"
        },
        {
          "name": "RHSA-2008:0221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "27034",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27034"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "SUSE-SA:2008:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
        },
        {
          "name": "29763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29763"
        },
        {
          "name": "238305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
        },
        {
          "name": "oval:org.mitre.oval:def:9828",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9828"
        },
        {
          "name": "GLSA-200804-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "1019141",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019141"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa07-06.html"
        },
        {
          "name": "TA08-100A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to \"pre-generated SWF files\" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect.  NOTE: the asfunction: vector is already covered by CVE-2007-6244.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29865"
            },
            {
              "name": "30507",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30507"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "ADV-2008-1724",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1724/references"
            },
            {
              "name": "RHSA-2008:0221",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "27034",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27034"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "SUSE-SA:2008:022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
            },
            {
              "name": "29763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29763"
            },
            {
              "name": "238305",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
            },
            {
              "name": "oval:org.mitre.oval:def:9828",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9828"
            },
            {
              "name": "GLSA-200804-21",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "1019141",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019141"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa07-06.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa07-06.html"
            },
            {
              "name": "TA08-100A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6637",
    "datePublished": "2008-01-04T00:00:00.000Z",
    "dateReserved": "2008-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-07T16:11:06.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1654 (GCVE-0-2008-1654)

Vulnerability from cvelistv5 – Published: 2008-04-02 18:00 – Updated: 2024-08-07 08:32

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

22 references

URL	Tags
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/29865	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/30507	third-party-advisoryx_refsource_SECUNIA
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2008/Jan/0204.html	mailing-listx_refsource_FULLDISC
http://www.vupen.com/english/advisories/2008/1724…	vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisoryx_refsource_CERT
http://secunia.com/advisories/30430	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.securitytracker.com/id?1019807	vdb-entryx_refsource_SECTRACK
http://www.gnucitizen.org/blog/hacking-the-interwebs/	x_refsource_MISC
http://secunia.com/advisories/29763	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/28696	vdb-entryx_refsource_BID
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.kb.cert.org/vuls/id/347812	third-party-advisoryx_refsource_CERT-VN
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://seclists.org/bugtraq/2008/Jan/0182.html	mailing-listx_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/1697	vdb-entryx_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA08-100A.html	third-party-advisoryx_refsource_CERT

Date Public ?

2008-01-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.056Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:11435",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11435"
          },
          {
            "name": "29865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29865"
          },
          {
            "name": "30507",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30507"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "20080113 Hacking The Interwebs",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2008/Jan/0204.html"
          },
          {
            "name": "ADV-2008-1724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1724/references"
          },
          {
            "name": "RHSA-2008:0221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "adobe-flash-navigatetourl-csrf(41718)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41718"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "SUSE-SA:2008:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
          },
          {
            "name": "1019807",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019807"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/hacking-the-interwebs/"
          },
          {
            "name": "29763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29763"
          },
          {
            "name": "28696",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28696"
          },
          {
            "name": "238305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
          },
          {
            "name": "VU#347812",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/347812"
          },
          {
            "name": "GLSA-200804-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
          },
          {
            "name": "20080113 Hacking The Interwebs",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2008/Jan/0182.html"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "TA08-100A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:11435",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11435"
        },
        {
          "name": "29865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29865"
        },
        {
          "name": "30507",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30507"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
        },
        {
          "name": "20080113 Hacking The Interwebs",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2008/Jan/0204.html"
        },
        {
          "name": "ADV-2008-1724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1724/references"
        },
        {
          "name": "RHSA-2008:0221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "adobe-flash-navigatetourl-csrf(41718)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41718"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "SUSE-SA:2008:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
        },
        {
          "name": "1019807",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019807"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/hacking-the-interwebs/"
        },
        {
          "name": "29763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29763"
        },
        {
          "name": "28696",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28696"
        },
        {
          "name": "238305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
        },
        {
          "name": "VU#347812",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/347812"
        },
        {
          "name": "GLSA-200804-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
        },
        {
          "name": "20080113 Hacking The Interwebs",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2008/Jan/0182.html"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "TA08-100A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1654",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:11435",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11435"
            },
            {
              "name": "29865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29865"
            },
            {
              "name": "30507",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30507"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "20080113 Hacking The Interwebs",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2008/Jan/0204.html"
            },
            {
              "name": "ADV-2008-1724",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1724/references"
            },
            {
              "name": "RHSA-2008:0221",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "adobe-flash-navigatetourl-csrf(41718)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41718"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "SUSE-SA:2008:022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
            },
            {
              "name": "1019807",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019807"
            },
            {
              "name": "http://www.gnucitizen.org/blog/hacking-the-interwebs/",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/hacking-the-interwebs/"
            },
            {
              "name": "29763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29763"
            },
            {
              "name": "28696",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28696"
            },
            {
              "name": "238305",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
            },
            {
              "name": "VU#347812",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/347812"
            },
            {
              "name": "GLSA-200804-21",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
            },
            {
              "name": "20080113 Hacking The Interwebs",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2008/Jan/0182.html"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "TA08-100A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1654",
    "datePublished": "2008-04-02T18:00:00.000Z",
    "dateReserved": "2008-04-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:32:01.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1655 (GCVE-0-2008-1655)

Vulnerability from cvelistv5 – Published: 2008-04-09 21:00 – Updated: 2024-08-07 08:32

Summary

Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

20 references

URL	Tags
http://secunia.com/advisories/29865	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.securitytracker.com/id?1019808	vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/30507	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/28697	vdb-entryx_refsource_BID
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1724…	vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisoryx_refsource_CERT
http://secunia.com/advisories/30430	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/29763	third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www.osvdb.org/44283	vdb-entryx_refsource_OSVDB
http://www.vupen.com/english/advisories/2008/1697	vdb-entryx_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA08-100A.html	third-party-advisoryx_refsource_CERT
http://www.adobe.com/devnet/flashplayer/articles/…	x_refsource_MISC

Date Public ?

2008-04-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.257Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29865"
          },
          {
            "name": "oval:org.mitre.oval:def:10724",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724"
          },
          {
            "name": "1019808",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019808"
          },
          {
            "name": "30507",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30507"
          },
          {
            "name": "adobe-flash-dnsrebinding-security-bypass(41807)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807"
          },
          {
            "name": "28697",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28697"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "ADV-2008-1724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1724/references"
          },
          {
            "name": "RHSA-2008:0221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "SUSE-SA:2008:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
          },
          {
            "name": "29763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29763"
          },
          {
            "name": "238305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
          },
          {
            "name": "GLSA-200804-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
          },
          {
            "name": "44283",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/44283"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "TA08-100A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "29865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29865"
        },
        {
          "name": "oval:org.mitre.oval:def:10724",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724"
        },
        {
          "name": "1019808",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019808"
        },
        {
          "name": "30507",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30507"
        },
        {
          "name": "adobe-flash-dnsrebinding-security-bypass(41807)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807"
        },
        {
          "name": "28697",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28697"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
        },
        {
          "name": "ADV-2008-1724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1724/references"
        },
        {
          "name": "RHSA-2008:0221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "SUSE-SA:2008:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
        },
        {
          "name": "29763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29763"
        },
        {
          "name": "238305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
        },
        {
          "name": "GLSA-200804-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
        },
        {
          "name": "44283",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/44283"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "TA08-100A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1655",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29865"
            },
            {
              "name": "oval:org.mitre.oval:def:10724",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724"
            },
            {
              "name": "1019808",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019808"
            },
            {
              "name": "30507",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30507"
            },
            {
              "name": "adobe-flash-dnsrebinding-security-bypass(41807)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807"
            },
            {
              "name": "28697",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28697"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "ADV-2008-1724",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1724/references"
            },
            {
              "name": "RHSA-2008:0221",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "SUSE-SA:2008:022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
            },
            {
              "name": "29763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29763"
            },
            {
              "name": "238305",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
            },
            {
              "name": "GLSA-200804-21",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
            },
            {
              "name": "44283",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/44283"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "TA08-100A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
            },
            {
              "name": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns",
              "refsource": "MISC",
              "url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1655",
    "datePublished": "2008-04-09T21:00:00.000Z",
    "dateReserved": "2008-04-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:32:01.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3872 (GCVE-0-2008-3872)

Vulnerability from cvelistv5 – Published: 2008-10-06 17:00 – Updated: 2024-08-07 09:53

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

3 references

URL	Tags
http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://taviso.decsystem.org/research.html	x_refsource_MISC

Date Public ?

2008-09-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:53:00.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "flashplayer-swf-security-bypass(45713)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45713"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://taviso.decsystem.org/research.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified \"Filter evasion\" manipulations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
        },
        {
          "name": "flashplayer-swf-security-bypass(45713)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45713"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://taviso.decsystem.org/research.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3872",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified \"Filter evasion\" manipulations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "flashplayer-swf-security-bypass(45713)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45713"
            },
            {
              "name": "http://taviso.decsystem.org/research.html",
              "refsource": "MISC",
              "url": "http://taviso.decsystem.org/research.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3872",
    "datePublished": "2008-10-06T17:00:00.000Z",
    "dateReserved": "2008-08-29T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:53:00.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2008_0221

CVE-2007-0071 (GCVE-0-2007-0071)

CVE-2007-5275 (GCVE-0-2007-5275)

CVE-2007-6019 (GCVE-0-2007-6019)

CVE-2007-6243 (GCVE-0-2007-6243)

CVE-2007-6637 (GCVE-0-2007-6637)

CVE-2008-1654 (GCVE-0-2008-1654)

CVE-2008-1655 (GCVE-0-2008-1655)

CVE-2008-3872 (GCVE-0-2008-3872)

Tags

Sightings

Nomenclature