Overview
Adobe Flash contains an integer overflow vulnerability. This vulnerability may allow an attacker to execute code on an affected system.
Description
The Adobe Flash Player is a player for the Flash media format and enables frame-based animations and multimedia to be viewed within a web browser. Adobe Flash Player contains an integer overflow vulnerability. An attacker may be able to trigger this overflow by convincing a user to open a specially crafted SWF file. The SWF file could be hosted or embedded in a web page.
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code or cause the Flash player to crash.
Solution
Upgrade
Vendor Information
CVSS Metrics
| Group | Score | Vector | 
|---|---|---|
| Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- | 
| Temporal | 0 | E:ND/RL:ND/RC:ND | 
| Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND | 
References
- http://www.adobe.com/support/security/bulletins/apsb08-11.html
- http://noscript.net/
- http://www.us-cert.gov/reading_room/securing_browser/
- http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
- http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
- https://www.securecoding.cert.org/confluence/x/vwE
- https://www.securecoding.cert.org/confluence/x/QgE
Acknowledgements
Thanks to Adobe for information that was used in this report.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2007-0071 | 
| Severity Metric: | 38.81 | 
| Date Public: | 2008-04-08 | 
| Date First Published: | 2008-04-25 | 
| Date Last Updated: | 2008-07-21 17:59 UTC | 
| Document Revision: | 26 |