Vulnerability-Lookup

CVE-2007-6019 (GCVE-0-2007-6019)

Vulnerability from cvelistv5 – Published: 2008-04-10 01:00 – Updated: 2024-08-07 15:54

Summary

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

Severity ?

No CVSS data available.

CWE

Assigner

flexera

References

URL

Tags

	http://secunia.com/advisories/29865	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/30507	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1019810	vdb-entryx_refsource_SECTRACK
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/1724…	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
	http://securityreason.com/securityalert/3805	third-party-advisoryx_refsource_SREASON
	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/30430	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/archive/1/490824/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/29763	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://www.securityfocus.com/archive/1/490623/100…	mailing-listx_refsource_BUGTRAQ
	http://www.zerodayinitiative.com/advisories/ZDI-08-021	x_refsource_MISC
	http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
	http://www.vupen.com/english/advisories/2008/1697	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/28694	vdb-entryx_refsource_BID
	http://www.us-cert.gov/cas/techalerts/TA08-100A.html	third-party-advisoryx_refsource_CERT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:25.719Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29865"
          },
          {
            "name": "oval:org.mitre.oval:def:10160",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
          },
          {
            "name": "30507",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30507"
          },
          {
            "name": "1019810",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019810"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "ADV-2008-1724",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1724/references"
          },
          {
            "name": "adobe-flash-declarefunction2-bo(41717)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
          },
          {
            "name": "RHSA-2008:0221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
          },
          {
            "name": "3805",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3805"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "SUSE-SA:2008:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
          },
          {
            "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
          },
          {
            "name": "29763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29763"
          },
          {
            "name": "238305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
          },
          {
            "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
          },
          {
            "name": "GLSA-200804-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "28694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28694"
          },
          {
            "name": "TA08-100A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T00:57:01.000Z",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "29865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29865"
        },
        {
          "name": "oval:org.mitre.oval:def:10160",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
        },
        {
          "name": "30507",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30507"
        },
        {
          "name": "1019810",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019810"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
        },
        {
          "name": "ADV-2008-1724",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1724/references"
        },
        {
          "name": "adobe-flash-declarefunction2-bo(41717)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
        },
        {
          "name": "RHSA-2008:0221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
        },
        {
          "name": "3805",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3805"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "name": "SUSE-SA:2008:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
        },
        {
          "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
        },
        {
          "name": "29763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29763"
        },
        {
          "name": "238305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
        },
        {
          "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
        },
        {
          "name": "GLSA-200804-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "28694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28694"
        },
        {
          "name": "TA08-100A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2007-6019",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29865"
            },
            {
              "name": "oval:org.mitre.oval:def:10160",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
            },
            {
              "name": "30507",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30507"
            },
            {
              "name": "1019810",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019810"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "ADV-2008-1724",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1724/references"
            },
            {
              "name": "adobe-flash-declarefunction2-bo(41717)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
            },
            {
              "name": "RHSA-2008:0221",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
            },
            {
              "name": "3805",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3805"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "SUSE-SA:2008:022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
            },
            {
              "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
            },
            {
              "name": "29763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29763"
            },
            {
              "name": "238305",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
            },
            {
              "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-021",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
            },
            {
              "name": "GLSA-200804-21",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "28694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28694"
            },
            {
              "name": "TA08-100A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2007-6019",
    "datePublished": "2008-04-10T01:00:00.000Z",
    "dateReserved": "2007-11-19T05:00:00.000Z",
    "dateUpdated": "2024-08-07T15:54:25.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-197

Vulnerability from certfr_avis - Published: 2008-04-09 - Updated: 2008-04-09

Plusieurs vulnérabilités affectent le lecteur Adobe Flash Player. Leur exploitation permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités affectent le lecteur Adobe Flash Player. Certaines proviennent d'une politique trop laxiste, en particulier dans l'utilisation des tags et des codes javascripts. D'autres vulnérabilités proviennent d'un manque de validation des entrées. Leur exploitation permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

La version 9.0.124.0 corrige ces problèmes. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Flash Player, versions 9.0.115.0 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin Adobe APSB08-11 du 08 avril 2008	None	vendor-advisory
Bulletin de sécurité Adobe apsb08-11 du 08 avril 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003eAdobe Flash  Player\u003c/SPAN\u003e, versions 9.0.115.0 et ant\u00e9rieures.",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent le lecteur Adobe Flash Player.\nCertaines proviennent d\u0027une politique trop laxiste, en particulier dans\nl\u0027utilisation des tags et des codes javascripts. D\u0027autres vuln\u00e9rabilit\u00e9s\nproviennent d\u0027un manque de validation des entr\u00e9es. Leur exploitation\npermet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n\n## Solution\n\nLa version 9.0.124.0 corrige ces probl\u00e8mes. Se r\u00e9f\u00e9rer au bulletin de\ns\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1655"
    },
    {
      "name": "CVE-2007-6637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6637"
    },
    {
      "name": "CVE-2007-6019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6019"
    },
    {
      "name": "CVE-2007-5275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5275"
    },
    {
      "name": "CVE-2007-6243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6243"
    },
    {
      "name": "CVE-2008-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1654"
    },
    {
      "name": "CVE-2007-0071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0071"
    }
  ],
  "initial_release_date": "2008-04-09T00:00:00",
  "last_revision_date": "2008-04-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb08-11 du 08 avril 2008 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
    }
  ],
  "reference": "CERTA-2008-AVI-197",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent le lecteur \u003cspan class=\"textit\"\u003eAdobe\nFlash Player\u003c/span\u003e. Leur exploitation permet \u00e0 un utilisateur\nmalveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Adobe APSB08-11 du 08 avril 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-278

Vulnerability from certfr_avis - Published: 2008-05-29 - Updated: 2008-05-29

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées. L'exploitation de ces dernières peut avoir plusieurs conséquences, dont des exécutions de codes arbitraires à distance.

Description

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées :

le serveur AFP (Apple Filing Protocol) ne vérifie pas correctement la cohérence d'accès entre répertoires et fichiers.
le serveur Apache est mis à jour en 2.0.63 pour les versions Mac OS X Server v10.4.x ; nouvelle version qui corrige des vulnérabilités permettant des attaques par injection de code indirecte ;
l'impression d'un document PDF spécialement construit par ATS peut provoquer l'exécution de code arbitraire ;
l'impression de documents via CUPS à destination d'une imprimante peut permettre sous certaines conditions de récupérer des informations sensibles, y compris si une protection par mot de passe est déployée ;
des vulnérabilités dans le module Flash Player sont corrigées (cf. CERTA-2008-AVI-197) ;
les vulnérabilités détaillées dans l'alerte CERTA-2008-ALE-007 concernant iCal sont corrigées ;
etc.

Solution

Se référer au bulletin de sécurité Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac 0S X versions v10.4.x.
	Apple	N/A	Apple Mac OS X version v10.5.x ;

References

Title

Publication Time

Tags

Mises à jour de sécurité Apple 2008-003 du 28 mai 2008	None	vendor-advisory
Alerte CERTA-2008-ALE-007, « Multiples vulnérabilités dans Apple Ical », du 23 mai 2008 :	-	other
Détails de la mise à jour de sécurité 2008-003 / Mac OS X 10.5.3 :	-	other
Bulletin de sécurité Apple 106704 du 28 mai 2008 :	-	other
Tableau récapitulatif des mises à jour de sécurité pour Mac OS X :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac 0S X versions v10.4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X version v10.5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es :\n\n-   le serveur AFP (Apple Filing Protocol) ne v\u00e9rifie pas correctement\n    la coh\u00e9rence d\u0027acc\u00e8s entre r\u00e9pertoires et fichiers.\n-   le serveur Apache est mis \u00e0 jour en 2.0.63 pour les versions Mac OS\n    X Server v10.4.x ; nouvelle version qui corrige des vuln\u00e9rabilit\u00e9s\n    permettant des attaques par injection de code indirecte ;\n-   l\u0027impression d\u0027un document PDF sp\u00e9cialement construit par ATS peut\n    provoquer l\u0027ex\u00e9cution de code arbitraire ;\n-   l\u0027impression de documents via CUPS \u00e0 destination d\u0027une imprimante\n    peut permettre sous certaines conditions de r\u00e9cup\u00e9rer des\n    informations sensibles, y compris si une protection par mot de passe\n    est d\u00e9ploy\u00e9e ;\n-   des vuln\u00e9rabilit\u00e9s dans le module Flash Player sont corrig\u00e9es (cf.\n    CERTA-2008-AVI-197) ;\n-   les vuln\u00e9rabilit\u00e9s d\u00e9taill\u00e9es dans l\u0027alerte CERTA-2008-ALE-007\n    concernant iCal sont corrig\u00e9es ;\n-   etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1574"
    },
    {
      "name": "CVE-2008-1032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1032"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2008-1572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1572"
    },
    {
      "name": "CVE-2008-1655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1655"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1575"
    },
    {
      "name": "CVE-2008-1031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1031"
    },
    {
      "name": "CVE-2008-1571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1571"
    },
    {
      "name": "CVE-2008-1027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1027"
    },
    {
      "name": "CVE-2008-1577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1577"
    },
    {
      "name": "CVE-2008-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1576"
    },
    {
      "name": "CVE-2008-1035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1035"
    },
    {
      "name": "CVE-2007-6612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6612"
    },
    {
      "name": "CVE-2005-3357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3357"
    },
    {
      "name": "CVE-2008-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1573"
    },
    {
      "name": "CVE-2008-1036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1036"
    },
    {
      "name": "CVE-2008-1028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1028"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2008-1033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1033"
    },
    {
      "name": "CVE-2007-6019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6019"
    },
    {
      "name": "CVE-2007-5275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5275"
    },
    {
      "name": "CVE-2008-1030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1030"
    },
    {
      "name": "CVE-2008-1578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1578"
    },
    {
      "name": "CVE-2008-1034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1034"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2008-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0177"
    },
    {
      "name": "CVE-2007-6243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6243"
    },
    {
      "name": "CVE-2008-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1579"
    },
    {
      "name": "CVE-2008-1580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1580"
    },
    {
      "name": "CVE-2007-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6359"
    },
    {
      "name": "CVE-2008-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1654"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2007-0071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0071"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2007-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
    }
  ],
  "initial_release_date": "2008-05-29T00:00:00",
  "last_revision_date": "2008-05-29T00:00:00",
  "links": [
    {
      "title": "Alerte CERTA-2008-ALE-007, \u00ab Multiples vuln\u00e9rabilit\u00e9s dans    Apple Ical \u00bb, du 23 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-007/"
    },
    {
      "title": "D\u00e9tails de la mise \u00e0 jour de s\u00e9curit\u00e9 2008-003 / Mac OS X    10.5.3 :",
      "url": "http://support.apple.com/kb/HT1897"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 106704 du 28 mai 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=106704"
    },
    {
      "title": "Tableau r\u00e9capitulatif des mises \u00e0 jour de s\u00e9curit\u00e9 pour Mac    OS X :",
      "url": "http://support.apple.com/kb/HT1222?viewlocale=fr_FR"
    }
  ],
  "reference": "CERTA-2008-AVI-278",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es. L\u0027exploitation de ces derni\u00e8res peut avoir\nplusieurs cons\u00e9quences, dont des ex\u00e9cutions de codes arbitraires \u00e0\ndistance.\n",
  "title": "Mutliples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-003 du 28 mai 2008",
      "url": null
    }
  ]
}

GSD-2007-6019

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-6019

Aliases

CVE-2007-6019

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6019",
    "description": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.",
    "id": "GSD-2007-6019",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-6019.html",
      "https://access.redhat.com/errata/RHSA-2008:0221"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6019"
      ],
      "details": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.",
      "id": "GSD-2007-6019",
      "modified": "2023-12-13T01:21:38.972765Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
        "ID": "CVE-2007-6019",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "29865",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29865"
          },
          {
            "name": "oval:org.mitre.oval:def:10160",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
          },
          {
            "name": "30507",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30507"
          },
          {
            "name": "1019810",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019810"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
          },
          {
            "name": "ADV-2008-1724",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1724/references"
          },
          {
            "name": "adobe-flash-declarefunction2-bo(41717)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
          },
          {
            "name": "RHSA-2008:0221",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
          },
          {
            "name": "3805",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3805"
          },
          {
            "name": "TA08-150A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "30430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "SUSE-SA:2008:022",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
          },
          {
            "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
          },
          {
            "name": "29763",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29763"
          },
          {
            "name": "238305",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
          },
          {
            "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-021",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
          },
          {
            "name": "GLSA-200804-21",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
          },
          {
            "name": "ADV-2008-1697",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "28694",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28694"
          },
          {
            "name": "TA08-100A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash:professional:cs3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash:professional:8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0_r67:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash:basic:8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.115.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2007-6019"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-021",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
            },
            {
              "name": "RHSA-2008:0221",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
            },
            {
              "name": "28694",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/28694"
            },
            {
              "name": "1019810",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019810"
            },
            {
              "name": "TA08-100A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
            },
            {
              "name": "3805",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3805"
            },
            {
              "name": "SUSE-SA:2008:022",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
            },
            {
              "name": "29763",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29763"
            },
            {
              "name": "GLSA-200804-21",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
            },
            {
              "name": "29865",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29865"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "238305",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "30507",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30507"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "ADV-2008-1724",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1724/references"
            },
            {
              "name": "adobe-flash-declarefunction2-bo(41717)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
            },
            {
              "name": "oval:org.mitre.oval:def:10160",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
            },
            {
              "name": "20080414 Secunia Research: Adobe Flash Player \"Declare Function (V7)\" HeapOverflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
            },
            {
              "name": "20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2008-04-09T21:05Z"
    }
  }
}

FKIE_CVE-2007-6019

Vulnerability from fkie_nvd - Published: 2008-04-09 21:05 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
PSIRT-CNA@flexerasoftware.com	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/29763	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/29865	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/30430	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/30507	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://securityreason.com/securityalert/3805
PSIRT-CNA@flexerasoftware.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
PSIRT-CNA@flexerasoftware.com	http://www.adobe.com/support/security/bulletins/apsb08-11.html	Patch, Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
PSIRT-CNA@flexerasoftware.com	http://www.redhat.com/support/errata/RHSA-2008-0221.html
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490623/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490824/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/28694	Exploit, Patch
PSIRT-CNA@flexerasoftware.com	http://www.securitytracker.com/id?1019810
PSIRT-CNA@flexerasoftware.com	http://www.us-cert.gov/cas/techalerts/TA08-100A.html	US Government Resource
PSIRT-CNA@flexerasoftware.com	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1697
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1724/references
PSIRT-CNA@flexerasoftware.com	http://www.zerodayinitiative.com/advisories/ZDI-08-021
PSIRT-CNA@flexerasoftware.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41717
PSIRT-CNA@flexerasoftware.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29763	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29865	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30430	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30507	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3805
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb08-11.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0221.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490623/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490824/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28694	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019810
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-100A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1697
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1724/references
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-08-021
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41717
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160

Impacted products

Vendor	Product	Version
adobe	air	1.0
adobe	flash	basic
adobe	flash	professional
adobe	flash	professional
adobe	flash_player	*
adobe	flash_player	7.0
adobe	flash_player	7.0.1
adobe	flash_player	7.0.25
adobe	flash_player	7.0.63
adobe	flash_player	7.0.69.0
adobe	flash_player	7.0.70.0
adobe	flash_player	7.0_r67
adobe	flash_player	7.1
adobe	flash_player	7.1.1
adobe	flash_player	7.2
adobe	flash_player	8
adobe	flash_player	8
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0
adobe	flash_player	8.0.24.0
adobe	flash_player	8.0.34.0
adobe	flash_player	8.0.35.0
adobe	flash_player	8.0.39.0
adobe	flash_player	9.0
adobe	flash_player	9.0.16
adobe	flash_player	9.0.16
adobe	flash_player	9.0.18d60
adobe	flash_player	9.0.20
adobe	flash_player	9.0.20.0
adobe	flash_player	9.0.28
adobe	flash_player	9.0.28.0
adobe	flash_player	9.0.31
adobe	flash_player	9.0.31.0
adobe	flash_player	9.0.45.0
adobe	flash_player	9.0.47.0
adobe	flash_player	9.0.48.0
adobe	flash_player	9.0.112.0
adobe	flash_player	9.0.114.0
adobe	flash_player	9.0.124.0
adobe	flash_player	9.0.155.0
adobe	flex	3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "697E64F5-0150-4542-B3C3-7443A00E8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash:basic:8:*:*:*:*:*:*",
              "matchCriteriaId": "AE84A707-495C-4690-9E37-60D8DED51342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash:professional:8:*:*:*:*:*:*",
              "matchCriteriaId": "81CE77EB-2050-4EC5-957F-90F4F96230A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash:professional:cs3:*:*:*:*:*:*",
              "matchCriteriaId": "5845F66C-214D-48AE-BE8B-28A19F2D757C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E284324-E67D-4C9A-9144-D08908BBD299",
              "versionEndIncluding": "9.0.115.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFF4A51-C936-4C5B-8276-FD454C9E4F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5ECC9D7-3386-4FEA-9218-91E31FF90F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E93289-6EE0-401A-958D-F59D2CDAE2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E895107-ED8A-4F88-87C3-935EAE299C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.0_r67:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB20235-B2F2-426E-B797-BFA361CEC488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4007D621-A0BC-4927-82A7-10D73802BCF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "641776AE-5408-439E-8290-DD9324771874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "138A932A-D775-46A2-86EC-3C03C96884C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:pro:*:*:*:*:*",
              "matchCriteriaId": "9D344A18-4D7B-4B9C-8A8D-AE765FCA32C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "1DAAAEA6-ED8F-496B-81B5-E8D3E3176287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12E3957-D7B2-4F3B-BB64-8B50B8958DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*",
              "matchCriteriaId": "F648661E-BA18-41F9-A0A7-F9D5D7E2056B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*",
              "matchCriteriaId": "A88BDD68-3EDD-49F4-B656-EB03BF849664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32912721-F750-4C20-B999-E728F7D3A85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95FA639-346C-491C-81A8-6C2A7B01AA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0777F-22C2-4FD5-BE81-8982BE6874D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5A37EB65-9EDD-41B0-ABEB-8A00232D8770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
              "matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D50BF190-2629-49A8-A377-4723C93FFB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD0A103-6D00-4D3D-9570-2DF74B6FE294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D250C7-E7DE-491C-9FE3-F9F77C971B24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player 9.0.115.0 y versiones anteriores, y 8.0.39.0 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero SWF con una etiqueta modificada DeclareFunction2 Actionscript, lo cual evita que un objeto sea instanciado adecuadamente."
    }
  ],
  "id": "CVE-2007-6019",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-09T21:05:00.000",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29763"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29865"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30507"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securityreason.com/securityalert/3805"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28694"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securitytracker.com/id?1019810"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1724/references"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1724/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9G7G-PMG2-QX9R

Vulnerability from github – Published: 2022-05-01 18:38 – Updated: 2022-05-01 18:38

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6019"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-04-09T21:05:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.",
  "id": "GHSA-9g7g-pmg2-qx9r",
  "modified": "2022-05-01T18:38:43Z",
  "published": "2022-05-01T18:38:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6019"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41717"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29763"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29865"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30507"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3805"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/490623/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/490824/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28694"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019810"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1724/references"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6019 (GCVE-0-2007-6019)

CERTA-2008-AVI-197

Description

Solution

CERTA-2008-AVI-278

Description

Solution

GSD-2007-6019

FKIE_CVE-2007-6019

GHSA-9G7G-PMG2-QX9R

Tags

Sightings

Nomenclature