NVD脆弱性詳細

CVE-2007-3456

概要	Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
公表日	2007年7月12日1:30
登録日	2021年1月29日14:15
最終更新日	2018年10月17日1:49

CVSS2.0 : HIGH
スコア	9.3
ベクター	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	はい
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player::::::::		9.0.45.0

関連情報、対策とツール

No	URL	refsource	タグ
1	http://docs.info.apple.com/article.html?artnum=307041	CONFIRM
2	http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html	APPLE
3	http://osvdb.org/38054	OSVDB
4	http://secunia.com/advisories/26027	SECUNIA	Patch Vendor Advisory
5	http://secunia.com/advisories/26057	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/26118	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/26357	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/27643	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/28068	SECUNIA	Vendor Advisory
10	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1	SUNALERT
11	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1	SUNALERT
12	http://www.adobe.com/support/security/bulletins/apsb07-12.html	CONFIRM	Vendor Advisory
13	http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml	GENTOO
14	http://www.kb.cert.org/vuls/id/730785	CERT-VN	US Government Resource
15	http://www.mindedsecurity.com/labs/advisories/MSA01110707	MISC
16	http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html	SUSE
17	http://www.securityfocus.com/archive/1/473655/100/0/threaded	BUGTRAQ
18	http://www.securityfocus.com/archive/1/474163/100/200/threaded	BUGTRAQ
19	http://www.securityfocus.com/archive/1/474248/30/5760/threaded	BUGTRAQ
20	http://www.securityfocus.com/bid/24856	BID
21	http://www.securityfocus.com/bid/26444	BID
22	http://www.securitytracker.com/id?1018359	SECTRACK
23	http://www.us-cert.gov/cas/techalerts/TA07-192A.html	CERT	US Government Resource
24	http://www.us-cert.gov/cas/techalerts/TA07-319A.html	CERT	US Government Resource
25	http://www.vupen.com/english/advisories/2007/2497	VUPEN	Vendor Advisory
26	http://www.vupen.com/english/advisories/2007/3868	VUPEN	Vendor Advisory
27	http://www.vupen.com/english/advisories/2007/4190	VUPEN	Vendor Advisory
28	https://exchange.xforce.ibmcloud.com/vulnerabilities/35337	XF
29	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11493	OVAL
30	https://rhn.redhat.com/errata/RHSA-2007-0696.html	REDHAT

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

構成1	以上	以下	より上	未満
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player::::::::		9.0.45.0