 |
Name:
Adobe.Flash.Player.SWF.Parsing.Code.Execution
|
Released Date:
Apr 10 2008
|
Severity:
critical
|
CVE:
2007-0071
|
|
|
Bugtraq:
28695
|
|
|
|
|
FortiGuard Center
> Vulnerability Encyclopedia
In-Depth Analysis
|
Description
|
This indicates an attempt to exploit a remote code-execution vulnerability in Adobe Flash Player 9.
The vulnerability results from insecure code in the DLL responsible for parsing SWF tags. It can be exploited via a crafted SWF file, leading to remote code execution.
|
|
|
|
Impact
|
|
System Compromise: remote attackers can gain control of vulnerable systems.
|
|
|
|
Affected Products
|
Adobe Flash Player 9.0.115.0 and earlier
Adobe Flash Player 8.0.39.0 and earlier
|
|
Aliases
|
|
References
|
http://www.securityfocus.com/bid/28695
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0071
|
|
Recommended Actions
|
Upgrade to the latest version of Adobe Flash Player at:
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
|
|
