Vulnerabilidad en Adobe Flash Player (CVE-2007-0071)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-189
Errores numéricos
Fecha de publicación:
09/04/2008
Última modificación:
09/04/2025
Descripción
El desbordamiento de enteros en Adobe Flash Player versión 9.0.115.0 y versiones anteriores, y versión 8.0.39.0 y versiones anteriores, permite que los atacantes remotos ejecuten código arbitrario por medio de un archivo SWF creado con un valor de Scene Count negativo, que pasa por una comparación firmada, se utiliza como compensación de un puntero NULL, y se desencadena un desbordamiento de búfer.
Impacto
Puntuación base 2.0
9.30
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 8.0 (incluyendo) | 8.0.39.0 (incluyendo) |
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 9.0 (incluyendo) | 9.0.115.0 (incluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
- http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
- http://isc.sans.org/diary.html?storyid=4465
- http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
- http://secunia.com/advisories/29763
- http://secunia.com/advisories/29865
- http://secunia.com/advisories/30404
- http://secunia.com/advisories/30430
- http://secunia.com/advisories/30507
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
- http://www.adobe.com/support/security/bulletins/apsb08-11.html
- http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
- http://www.iss.net/threats/289.html
- http://www.kb.cert.org/vuls/id/159523
- http://www.kb.cert.org/vuls/id/395473
- http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
- http://www.osvdb.org/44282
- http://www.redhat.com/support/errata/RHSA-2008-0221.html
- http://www.securityfocus.com/bid/28695
- http://www.securityfocus.com/bid/29386
- http://www.securitytracker.com/id?1019811=
- http://www.securitytracker.com/id?1020114=
- http://www.us-cert.gov/cas/techalerts/TA08-100A.html
- http://www.us-cert.gov/cas/techalerts/TA08-149A.html
- http://www.us-cert.gov/cas/techalerts/TA08-150A.html
- http://www.vupen.com/english/advisories/2008/1662/references
- http://www.vupen.com/english/advisories/2008/1697
- http://www.vupen.com/english/advisories/2008/1724/references
- http://www.zerodayinitiative.com/advisories/ZDI-08-032/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37277
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379
- http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
- http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
- http://isc.sans.org/diary.html?storyid=4465
- http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
- http://secunia.com/advisories/29763
- http://secunia.com/advisories/29865
- http://secunia.com/advisories/30404
- http://secunia.com/advisories/30430
- http://secunia.com/advisories/30507
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
- http://www.adobe.com/support/security/bulletins/apsb08-11.html
- http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
- http://www.iss.net/threats/289.html
- http://www.kb.cert.org/vuls/id/159523
- http://www.kb.cert.org/vuls/id/395473
- http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
- http://www.osvdb.org/44282
- http://www.redhat.com/support/errata/RHSA-2008-0221.html
- http://www.securityfocus.com/bid/28695
- http://www.securityfocus.com/bid/29386
- http://www.securitytracker.com/id?1019811=
- http://www.securitytracker.com/id?1020114=
- http://www.us-cert.gov/cas/techalerts/TA08-100A.html
- http://www.us-cert.gov/cas/techalerts/TA08-149A.html
- http://www.us-cert.gov/cas/techalerts/TA08-150A.html
- http://www.vupen.com/english/advisories/2008/1662/references
- http://www.vupen.com/english/advisories/2008/1697
- http://www.vupen.com/english/advisories/2008/1724/references
- http://www.zerodayinitiative.com/advisories/ZDI-08-032/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37277
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379