Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6019

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-6019
Last Modified 07 Mar 2011 10:01:40
Published 09 Apr 2008 05:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6019

Summary

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

Vulnerable Systems

Application

  • Adobe Air 1.0

  • Adobe Flash Basic

  • Adobe Flash Player 7

  • Adobe Flash Player 7.0

  • Adobe Flash Player 7.0 R67

  • Adobe Flash Player 7.0.1

  • Adobe Flash Player 7.0.25

  • Adobe Flash Player 7.0.63

  • Adobe Flash Player 7.0.69.0

  • Adobe Flash Player 7.0.70.0

  • Adobe Flash Player 7.1

  • Adobe Flash Player 7.1.1

  • Adobe Flash Player 7.2

  • Adobe Flash Player 8

  • Adobe Flash Player 8.0

  • Adobe Flash Player 8.0.24.0

  • Adobe Flash Player 8.0.34.0

  • Adobe Flash Player 8.0.35.0

  • Adobe Flash Player 8.0.39.0

  • Adobe Flash Player 9

  • Adobe Flash Player 9.0.112.0

  • Adobe Flash Player 9.0.114.0

  • Adobe Flash Player 9.0.115.0

  • Adobe Flash Player 9.0.124.0

  • Adobe Flash Player 9.0.155.0

  • Adobe Flash Player 9.0.16

  • Adobe Flash Player 9.0.18d60

  • Adobe Flash Player 9.0.20

  • Adobe Flash Player 9.0.20.0

  • Adobe Flash Player 9.0.28

  • Adobe Flash Player 9.0.28.0

  • Adobe Flash Player 9.0.31

  • Adobe Flash Player 9.0.31.0

  • Adobe Flash Player 9.0.45.0

  • Adobe Flash Player 9.0.47.0

  • Adobe Flash Player 9.0.48.0

  • Adobe Flash Professional

  • Adobe Flex 3.0


References

CERT - TA08-150A

CERT - TA08-100A

BID - 28694

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-11.html

XF - adobe-flash-declarefunction2-bo(41717)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-021

VUPEN - ADV-2008-1724

VUPEN - ADV-2008-1697

SECTRACK - 1019810

BUGTRAQ - 20080414 Secunia Research: Adobe Flash Player "Declare Function (V7)" HeapOverflow

BUGTRAQ - 20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability

REDHAT - RHSA-2008:0221

GENTOO - GLSA-200804-21

SUNALERT - 238305

SREASON - 3805

SECUNIA - 30507

SECUNIA - 30430

SECUNIA - 29865

SECUNIA - 29763

SUSE - SUSE-SA:2008:022

APPLE - APPLE-SA-2008-05-28

Related Patches

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update

Adobe APSB08-11 Flash Player 9.0.r124 for IE (Upgrade) (All Languages)

Adobe Flash Player 9.0.124 for Mac OS X (PPC)

Adobe Flash Player 9.0.124 for Mac OS X (Universal)

Adobe APSB08-11 Flash Player 9.0.r124 for Netscape (Upgrade) (All Languages)


Last Updated: 27 May 2016 10:46:21