CVE-2007-6019

Severity

93%

Complexity

86%

Confidentiality

165%

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 16 years ago

2008-04-09 21:05:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Adobe Flash MX 2004

7.0

アドビシステムズ フラッシュ MX 2004

7.0.1

アドビシステムズ フラッシュプレーヤー 7.0.25

7.0.25

アドビシステムズ フラッシュプレーヤー 7.0.63

7.0.63

アドビシステムズ フラッシュプレーヤー 7.0.69.0

7.0.69.0

アドビシステムズ フラッシュプレーヤー 7.0.70.0

7.0.70.0

Adobe Flash MX 2004

7.1

Adobe Flash MX 2004

7.1.1

アドビシステムズ フラッシュ MX 2004

7.2

アドビシステムズ フラッシュプレーヤー 8.0

8.0

アドビシステムズ フラッシュプレーヤー 8.0.24.0

8.0.24.0

アドビシステムズ フラッシュプレーヤー 8.0.34.0

8.0.34.0

Adobe Flash Player 8.0.35.0

8.0.35.0

Adobe Flash Player 8.0.39.0

8.0.39.0

Adobe Flash Player 9.0

9.0

アドビシステムズ フラッシュプレーヤー 9.0.16

9.0.16

Adobe Flash Player 9.0.18d60

9.0.18d60

Adobe Flash Player 9.0.20

9.0.20

アドビシステムズ フラッシュプレーヤー プラグイン9.0.20.0

9.0.20.0

アドビシステムズ フラッシュプレーヤー 9.0.28

9.0.28

アドビシステムズ フラッシュプレーヤー 9.0.28.0

9.0.28.0

Adobe Flash Player 9.0.31

9.0.31

Adobe Flash Player 9.0.31.0

9.0.31.0

アドビシステムズ フラッシュプレーヤー 9.0.45.0

9.0.45.0

Adobe Flash Player 9.0.47.0

9.0.47.0

アドビシステムズ フラッシュプレーヤー 9.0.48.0

9.0.48.0

Adobe Flash Player 9.0.112.0

9.0.112.0

アドビシステムズ フラッシュプレーヤー 9.0.114.0

9.0.114.0

アドビシステムズ フラッシュプレーヤー

Adobe Flash Player 9.0.124.0

9.0.124.0

Adobe Flash 9.0.155.0

9.0.155.0

References

APPLE-SA-2008-05-28

SUSE-SA:2008:022

29763

Vendor Advisory

29865

Vendor Advisory

30430

Vendor Advisory

30507

Vendor Advisory

3805

238305

http://www.adobe.com/support/security/bulletins/apsb08-11.html

Patch, Vendor Advisory

GLSA-200804-21

RHSA-2008:0221

20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability

20080414 Secunia Research: Adobe Flash Player "Declare Function (V7)" HeapOverflow

28694

Exploit, Patch

1019810

TA08-100A

US Government Resource

TA08-150A

US Government Resource

ADV-2008-1697

ADV-2008-1724

http://www.zerodayinitiative.com/advisories/ZDI-08-021

adobe-flash-declarefunction2-bo(41717)

oval:org.mitre.oval:def:10160

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.