CVE-2007-0071 - Vulnerability Details

Vendors	Products
Adobe	Flash Player
Redhat	Rhel Extras

Package	CPE	Advisory	Released Date
Extras for RHEL 3
flash-plugin-0:9.0.124.0-1.el3.with.oss	cpe:/a:redhat:rhel_extras:3	RHSA-2008:0221	2008-04-08T00:00:00Z
Extras for RHEL 4
flash-plugin-0:9.0.124.0-1.el4	cpe:/a:redhat:rhel_extras:4	RHSA-2008:0221	2008-04-08T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
flash-plugin-0:9.0.124.0-1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2008:0221	2008-04-08T00:00:00Z

Link	Providers
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
http://isc.sans.org/diary.html?storyid=4465
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
http://secunia.com/advisories/29763
http://secunia.com/advisories/29865
http://secunia.com/advisories/30404
http://secunia.com/advisories/30430
http://secunia.com/advisories/30507
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
http://www.adobe.com/support/security/bulletins/apsb08-11.html
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
http://www.iss.net/threats/289.html
http://www.kb.cert.org/vuls/id/159523
http://www.kb.cert.org/vuls/id/395473
http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
http://www.osvdb.org/44282
http://www.redhat.com/support/errata/RHSA-2008-0221.html
http://www.securityfocus.com/bid/28695
http://www.securityfocus.com/bid/29386
http://www.securitytracker.com/id?1019811
http://www.securitytracker.com/id?1020114
http://www.us-cert.gov/cas/techalerts/TA08-100A.html
http://www.us-cert.gov/cas/techalerts/TA08-149A.html
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2008/1662/references
http://www.vupen.com/english/advisories/2008/1697
http://www.vupen.com/english/advisories/2008/1724/references
http://www.zerodayinitiative.com/advisories/ZDI-08-032/
https://exchange.xforce.ibmcloud.com/vulnerabilities/37277
https://nvd.nist.gov/vuln/detail/CVE-2007-0071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379
https://www.cve.org/CVERecord?id=CVE-2007-0071

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-18T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1020114", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020114"}, {"name": "29865", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29865"}, {"tags": ["x_refsource_MISC"], "url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf"}, {"name": "30507", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30507"}, {"name": "29386", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29386"}, {"name": "TA08-149A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-149A.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"}, {"name": "ADV-2008-1724", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1724/references"}, {"tags": ["x_refsource_MISC"], "url": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html"}, {"name": "RHSA-2008:0221", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"}, {"name": "TA08-150A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"name": "oval:org.mitre.oval:def:10379", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/"}, {"name": "ADV-2008-1662", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1662/references"}, {"name": "44282", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/44282"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary.html?storyid=4465"}, {"name": "30430", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30430"}, {"name": "APPLE-SA-2008-05-28", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"name": "SUSE-SA:2008:022", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"}, {"name": "28695", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28695"}, {"name": "29763", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29763"}, {"name": "1019811", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019811"}, {"name": "238305", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"}, {"name": "GLSA-200804-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"}, {"name": "multimedia-file-integer-overflow(37277)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277"}, {"name": "ADV-2008-1697", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"name": "VU#159523", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/159523"}, {"name": "TA08-100A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"}, {"name": "VU#395473", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/395473"}, {"name": "20080408 Adobe Flash Player Invalid Pointer Vulnerability", "tags": ["third-party-advisory", "x_refsource_ISS"], "url": "http://www.iss.net/threats/289.html"}, {"name": "30404", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30404"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0071", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1020114", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020114"}, {"name": "29865", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29865"}, {"name": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf", "refsource": "MISC", "url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf"}, {"name": "30507", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30507"}, {"name": "29386", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29386"}, {"name": "TA08-149A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-149A.html"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"}, {"name": "ADV-2008-1724", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1724/references"}, {"name": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/", "refsource": "MISC", "url": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/"}, {"name": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html", "refsource": "MISC", "url": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html"}, {"name": "RHSA-2008:0221", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"}, {"name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"name": "oval:org.mitre.oval:def:10379", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/"}, {"name": "ADV-2008-1662", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1662/references"}, {"name": "44282", "refsource": "OSVDB", "url": "http://www.osvdb.org/44282"}, {"name": "http://isc.sans.org/diary.html?storyid=4465", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=4465"}, {"name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430"}, {"name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"name": "SUSE-SA:2008:022", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"}, {"name": "28695", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28695"}, {"name": "29763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29763"}, {"name": "1019811", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019811"}, {"name": "238305", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"}, {"name": "GLSA-200804-21", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"}, {"name": "multimedia-file-integer-overflow(37277)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277"}, {"name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"name": "VU#159523", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/159523"}, {"name": "TA08-100A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"}, {"name": "VU#395473", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/395473"}, {"name": "20080408 Adobe Flash Player Invalid Pointer Vulnerability", "refsource": "ISS", "url": "http://www.iss.net/threats/289.html"}, {"name": "30404", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30404"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:03:37.143Z"}, "title": "CVE Program Container", "references": [{"name": "1020114", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020114"}, {"name": "29865", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29865"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf"}, {"name": "30507", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30507"}, {"name": "29386", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29386"}, {"name": "TA08-149A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-149A.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"}, {"name": "ADV-2008-1724", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1724/references"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html"}, {"name": "RHSA-2008:0221", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"}, {"name": "TA08-150A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"name": "oval:org.mitre.oval:def:10379", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/"}, {"name": "ADV-2008-1662", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1662/references"}, {"name": "44282", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/44282"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://isc.sans.org/diary.html?storyid=4465"}, {"name": "30430", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30430"}, {"name": "APPLE-SA-2008-05-28", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"name": "SUSE-SA:2008:022", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"}, {"name": "28695", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28695"}, {"name": "29763", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29763"}, {"name": "1019811", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019811"}, {"name": "238305", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"}, {"name": "GLSA-200804-21", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"}, {"name": "multimedia-file-integer-overflow(37277)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277"}, {"name": "ADV-2008-1697", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"name": "VU#159523", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/159523"}, {"name": "TA08-100A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"}, {"name": "VU#395473", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/395473"}, {"name": "20080408 Adobe Flash Player Invalid Pointer Vulnerability", "tags": ["third-party-advisory", "x_refsource_ISS", "x_transferred"], "url": "http://www.iss.net/threats/289.html"}, {"name": "30404", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30404"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0071", "datePublished": "2008-04-09T21:00:00", "dateReserved": "2007-01-04T00:00:00", "dateUpdated": "2024-08-07T12:03:37.143Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2008-04-08T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-12-18T22:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : 1020114 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1020114 (string)

}

1 : { »

name : 29865 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/29865 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf (string)

}

3 : { »

name : 30507 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/30507 (string)

}

4 : { »

name : 29386 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/29386 (string)

}

5 : { »

name : TA08-149A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-149A.html (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.adobe.com/support/security/bulletins/apsb08-11.html (string)

}

7 : { »

name : ADV-2008-1724 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2008/1724/references (string)

}

8 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html (string)

}

10 : { »

name : RHSA-2008:0221 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2008-0221.html (string)

}

11 : { »

name : TA08-150A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-150A.html (string)

}

12 : { »

name : oval:org.mitre.oval:def:10379 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379 (string)

}

13 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-08-032/ (string)

}

14 : { »

name : ADV-2008-1662 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2008/1662/references (string)

}

15 : { »

name : 44282 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://www.osvdb.org/44282 (string)

}

16 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://isc.sans.org/diary.html?storyid=4465 (string)

}

17 : { »

name : 30430 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/30430 (string)

}

18 : { »

name : APPLE-SA-2008-05-28 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

]

url : http://lists.apple.com/archives/security-announce/2008//May/msg00001.html (string)

}

19 : { »

name : SUSE-SA:2008:022 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html (string)

}

20 : { »

name : 28695 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/28695 (string)

}

21 : { »

name : 29763 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/29763 (string)

}

22 : { »

name : 1019811 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1019811 (string)

}

23 : { »

name : 238305 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUNALERT (string)

]

url : http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 (string)

}

24 : { »

name : GLSA-200804-21 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml (string)

}

25 : { »

name : multimedia-file-integer-overflow(37277) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37277 (string)

}

26 : { »

name : ADV-2008-1697 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2008/1697 (string)

}

27 : { »

name : VU#159523 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

]

url : http://www.kb.cert.org/vuls/id/159523 (string)

}

28 : { »

name : TA08-100A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-100A.html (string)

}

29 : { »

name : VU#395473 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

]

url : http://www.kb.cert.org/vuls/id/395473 (string)

}

30 : { »

name : 20080408 Adobe Flash Player Invalid Pointer Vulnerability (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_ISS (string)

]

url : http://www.iss.net/threats/289.html (string)

}

31 : { »

name : 30404 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/30404 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2007-0071 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 1020114 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id?1020114 (string)

}

1 : { »

name : 29865 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/29865 (string)

}

2 : { »

name : http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf (string)

refsource : MISC (string)

url : http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf (string)

}

3 : { »

name : 30507 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/30507 (string)

}

4 : { »

name : 29386 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/29386 (string)

}

5 : { »

name : TA08-149A (string)

refsource : CERT (string)

url : http://www.us-cert.gov/cas/techalerts/TA08-149A.html (string)

}

6 : { »

name : http://www.adobe.com/support/security/bulletins/apsb08-11.html (string)

refsource : CONFIRM (string)

url : http://www.adobe.com/support/security/bulletins/apsb08-11.html (string)

}

7 : { »

name : ADV-2008-1724 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2008/1724/references (string)

}

8 : { »

name : http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ (string)

refsource : MISC (string)

url : http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ (string)

}

9 : { »

name : http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html (string)

refsource : MISC (string)

url : http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html (string)

}

10 : { »

name : RHSA-2008:0221 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2008-0221.html (string)

}

11 : { »

name : TA08-150A (string)

refsource : CERT (string)

url : http://www.us-cert.gov/cas/techalerts/TA08-150A.html (string)

}

12 : { »

name : oval:org.mitre.oval:def:10379 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379 (string)

}

13 : { »

name : http://www.zerodayinitiative.com/advisories/ZDI-08-032/ (string)

refsource : MISC (string)

url : http://www.zerodayinitiative.com/advisories/ZDI-08-032/ (string)

}

14 : { »

name : ADV-2008-1662 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2008/1662/references (string)

}

15 : { »

name : 44282 (string)

refsource : OSVDB (string)

url : http://www.osvdb.org/44282 (string)

}

16 : { »

name : http://isc.sans.org/diary.html?storyid=4465 (string)

refsource : MISC (string)

url : http://isc.sans.org/diary.html?storyid=4465 (string)

}

17 : { »

name : 30430 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/30430 (string)

}

18 : { »

name : APPLE-SA-2008-05-28 (string)

refsource : APPLE (string)

url : http://lists.apple.com/archives/security-announce/2008//May/msg00001.html (string)

}

19 : { »

name : SUSE-SA:2008:022 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html (string)

}

20 : { »

name : 28695 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/28695 (string)

}

21 : { »

name : 29763 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/29763 (string)

}

22 : { »

name : 1019811 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id?1019811 (string)

}

23 : { »

name : 238305 (string)

refsource : SUNALERT (string)

url : http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 (string)

}

24 : { »

name : GLSA-200804-21 (string)

refsource : GENTOO (string)

url : http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml (string)

}

25 : { »

name : multimedia-file-integer-overflow(37277) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37277 (string)

}

26 : { »

name : ADV-2008-1697 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2008/1697 (string)

}

27 : { »

name : VU#159523 (string)

refsource : CERT-VN (string)

url : http://www.kb.cert.org/vuls/id/159523 (string)

}

28 : { »

name : TA08-100A (string)

refsource : CERT (string)

url : http://www.us-cert.gov/cas/techalerts/TA08-100A.html (string)

}

29 : { »

name : VU#395473 (string)

refsource : CERT-VN (string)

url : http://www.kb.cert.org/vuls/id/395473 (string)

}

30 : { »

name : 20080408 Adobe Flash Player Invalid Pointer Vulnerability (string)

refsource : ISS (string)

url : http://www.iss.net/threats/289.html (string)

}

31 : { »

name : 30404 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/30404 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T12:03:37.143Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 1020114 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1020114 (string)

}

1 : { »

name : 29865 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/29865 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf (string)

}

3 : { »

name : 30507 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/30507 (string)

}

4 : { »

name : 29386 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/29386 (string)

}

5 : { »

name : TA08-149A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

2 : x_transferred (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-149A.html (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.adobe.com/support/security/bulletins/apsb08-11.html (string)

}

7 : { »

name : ADV-2008-1724 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2008/1724/references (string)

}

8 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html (string)

}

10 : { »

name : RHSA-2008:0221 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2008-0221.html (string)

}

11 : { »

name : TA08-150A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

2 : x_transferred (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-150A.html (string)

}

12 : { »

name : oval:org.mitre.oval:def:10379 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379 (string)

}

13 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-08-032/ (string)

}

14 : { »

name : ADV-2008-1662 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2008/1662/references (string)

}

15 : { »

name : 44282 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://www.osvdb.org/44282 (string)

}

16 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://isc.sans.org/diary.html?storyid=4465 (string)

}

17 : { »

name : 30430 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/30430 (string)

}

18 : { »

name : APPLE-SA-2008-05-28 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

2 : x_transferred (string)

]

url : http://lists.apple.com/archives/security-announce/2008//May/msg00001.html (string)

}

19 : { »

name : SUSE-SA:2008:022 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html (string)

}

20 : { »

name : 28695 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/28695 (string)

}

21 : { »

name : 29763 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/29763 (string)

}

22 : { »

name : 1019811 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1019811 (string)

}

23 : { »

name : 238305 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUNALERT (string)

2 : x_transferred (string)

]

url : http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 (string)

}

24 : { »

name : GLSA-200804-21 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml (string)

}

25 : { »

name : multimedia-file-integer-overflow(37277) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37277 (string)

}

26 : { »

name : ADV-2008-1697 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2008/1697 (string)

}

27 : { »

name : VU#159523 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

2 : x_transferred (string)

]

url : http://www.kb.cert.org/vuls/id/159523 (string)

}

28 : { »

name : TA08-100A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

2 : x_transferred (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-100A.html (string)

}

29 : { »

name : VU#395473 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

2 : x_transferred (string)

]

url : http://www.kb.cert.org/vuls/id/395473 (string)

}

30 : { »

name : 20080408 Adobe Flash Player Invalid Pointer Vulnerability (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_ISS (string)

2 : x_transferred (string)

]

url : http://www.iss.net/threats/289.html (string)

}

31 : { »

name : 30404 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/30404 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2007-0071 (string)

datePublished : 2008-04-09T21:00:00 (string)

dateReserved : 2007-01-04T00:00:00 (string)

dateUpdated : 2024-08-07T12:03:37.143Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "307CD062-FF65-4300-AC60-4B5DA1E1961C", "versionEndIncluding": "8.0.39.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3962F47-B2A5-4B69-AB35-F8C7745682A2", "versionEndIncluding": "9.0.115.0", "versionStartIncluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow."}, {"lang": "es", "value": "El desbordamiento de enteros en Adobe Flash Player versi\u00f3n 9.0.115.0 y versiones anteriores, y versi\u00f3n 8.0.39.0 y versiones anteriores, permite que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de un archivo SWF creado con un valor de Scene Count negativo, que pasa por una comparaci\u00f3n firmada, se utiliza como compensaci\u00f3n de un puntero NULL, y se desencadena un desbordamiento de b\u00fafer."}], "id": "CVE-2007-0071", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-04-09T21:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://isc.sans.org/diary.html?storyid=4465"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29763"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29865"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/30404"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/30430"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/30507"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.iss.net/threats/289.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/159523"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/395473"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.osvdb.org/44282"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28695"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/29386"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1019811"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1020114"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-149A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1662/references"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1724/references"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://isc.sans.org/diary.html?storyid=4465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/30404"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/30430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/30507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.iss.net/threats/289.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/159523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/395473"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.osvdb.org/44282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/29386"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1019811"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1020114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-149A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1662/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1724/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 307CD062-FF65-4300-AC60-4B5DA1E1961C (string)

versionEndIncluding : 8.0.39.0 (string)

versionStartIncluding : 8.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F3962F47-B2A5-4B69-AB35-F8C7745682A2 (string)

versionEndIncluding : 9.0.115.0 (string)

versionStartIncluding : 9.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. (string)

}

1 : { »

lang : es (string)

value : El desbordamiento de enteros en Adobe Flash Player versión 9.0.115.0 y versiones anteriores, y versión 8.0.39.0 y versiones anteriores, permite que los atacantes remotos ejecuten código arbitrario por medio de un archivo SWF creado con un valor de Scene Count negativo, que pasa por una comparación firmada, se utiliza como compensación de un puntero NULL, y se desencadena un desbordamiento de búfer. (string)

}

]

id : CVE-2007-0071 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : true (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2008-04-09T21:05:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

]

url : http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://isc.sans.org/diary.html?storyid=4465 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

]

url : http://lists.apple.com/archives/security-announce/2008//May/msg00001.html (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/29763 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/29865 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/30404 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/30430 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/30507 (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

]

url : http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 (string)

}

11 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.adobe.com/support/security/bulletins/apsb08-11.html (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.iss.net/threats/289.html (string)

}

14 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/159523 (string)

}

15 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/395473 (string)

}

16 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ (string)

}

17 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.osvdb.org/44282 (string)

}

18 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2008-0221.html (string)

}

19 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/28695 (string)

}

20 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/29386 (string)

}

21 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id?1019811 (string)

}

22 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id?1020114 (string)

}

23 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-100A.html (string)

}

24 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-149A.html (string)

}

25 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-150A.html (string)

}

26 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2008/1662/references (string)

}

27 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2008/1697 (string)

}

28 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2008/1724/references (string)

}

29 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-08-032/ (string)

}

30 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37277 (string)

}

31 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://isc.sans.org/diary.html?storyid=4465 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

]

url : http://lists.apple.com/archives/security-announce/2008//May/msg00001.html (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/29763 (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/29865 (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/30404 (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/30430 (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/30507 (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.adobe.com/support/security/bulletins/apsb08-11.html (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.iss.net/threats/289.html (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/159523 (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/395473 (string)

}

48 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ (string)

}

49 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.osvdb.org/44282 (string)

}

50 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2008-0221.html (string)

}

51 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/28695 (string)

}

52 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/29386 (string)

}

53 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id?1019811 (string)

}

54 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id?1020114 (string)

}

55 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-100A.html (string)

}

56 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-149A.html (string)

}

57 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-150A.html (string)

}

58 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2008/1662/references (string)

}

59 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2008/1697 (string)

}

60 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.vupen.com/english/advisories/2008/1724/references (string)

}

61 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-08-032/ (string)

}

62 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37277 (string)

}

63 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-189 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2008:0221", "cpe": "cpe:/a:redhat:rhel_extras:3", "package": "flash-plugin-0:9.0.124.0-1.el3.with.oss", "product_name": "Extras for RHEL 3", "release_date": "2008-04-08T00:00:00Z"}, {"advisory": "RHSA-2008:0221", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "flash-plugin-0:9.0.124.0-1.el4", "product_name": "Extras for RHEL 4", "release_date": "2008-04-08T00:00:00Z"}, {"advisory": "RHSA-2008:0221", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "flash-plugin-0:9.0.124.0-1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2008-04-08T00:00:00Z"}], "bugzilla": {"description": "Flash Player input validation error", "id": "440684", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440684"}, "csaw": false, "cwe": "CWE-20", "details": ["Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow."], "name": "CVE-2007-0071", "public_date": "2008-04-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-0071\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-0071"], "threat_severity": "Critical"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2008:0221 (string)

cpe : cpe:/a:redhat:rhel_extras:3 (string)

package : flash-plugin-0:9.0.124.0-1.el3.with.oss (string)

product_name : Extras for RHEL 3 (string)

release_date : 2008-04-08T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2008:0221 (string)

cpe : cpe:/a:redhat:rhel_extras:4 (string)

package : flash-plugin-0:9.0.124.0-1.el4 (string)

product_name : Extras for RHEL 4 (string)

release_date : 2008-04-08T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2008:0221 (string)

cpe : cpe:/a:redhat:rhel_extras:5 (string)

package : flash-plugin-0:9.0.124.0-1.el5 (string)

product_name : Supplementary for Red Hat Enterprise Linux 5 (string)

release_date : 2008-04-08T00:00:00Z (string)

}

]

bugzilla : { »

description : Flash Player input validation error (string)

id : 440684 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=440684 (string)

}

csaw : false (boolean)

cwe : CWE-20 (string)

details : [ »

0 : Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. (string)

]

name : CVE-2007-0071 (string)

public_date : 2008-04-08T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2007-0071 https://nvd.nist.gov/vuln/detail/CVE-2007-0071 (string)

]

threat_severity : Critical (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object