Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Vulnerability

Bugtraq ID: 28694
Class: Input Validation Error
CVE: CVE-2007-6019
Remote: Yes
Local: No
Published: Apr 08 2008 12:00AM
Updated: Mar 10 2009 07:16PM
Credit: Javier Vicente Vallejo, Shane Macaulay CanSecWest 2007 PWN2OWN Winner, Alin Rad Pop of Secunia Research
Vulnerable: Turbolinux wizpy 0
Turbolinux FUJI 0
SuSE Suse Linux Enterprise Desktop 10 SP1
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun OpenSolaris build snv_88
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
Redhat Enterprise Linux Supplementary 5 server
Redhat Enterprise Linux Extras 4
Redhat Enterprise Linux Extras 3
Redhat Enterprise Linux Desktop Supplementary 5 client
Nortel Networks Self-Service Peri Workstation 0
Nortel Networks Self-Service Peri Application 0
Nortel Networks Self-Service MPS 1000 0
Nortel Networks Self-Service Media Processing Server 0
Nortel Networks Self-Service - CCSS7 0
Nortel Networks Self-Service 0
Gentoo Linux
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.5
Adobe Flex 3.0
Adobe Flash Professional 8
Adobe Flash Player 9.0.48.0
Adobe Flash Player 9.0.47.0
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.28.0
Adobe Flash Player 9.0.115.0
Adobe Flash Player 9
Adobe Flash Player 8.0.35.0
Adobe Flash Player 8.0.34.0
Adobe Flash CS3 Professional 0
Adobe Flash Basic 8
Adobe AIR 1.0
Not Vulnerable: Adobe Flash Professional 8 8.0.42.0
Adobe Flash Player 9.0.124 .0
Adobe Flash Basic 8.0.42.0
Adobe AIR 1.01


 

Privacy Statement
Copyright 2010, SecurityFocus