Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Vulnerability

Bugtraq ID:	28694
Class:	Input Validation Error
CVE:	CVE-2007-6019
Remote:	Yes
Local:	No
Published:	Apr 08 2008 12:00AM
Updated:	Apr 24 2008 04:27PM
Credit:	Javier Vicente Vallejo, Shane Macaulay CanSecWest 2007 PWN2OWN Winner, Alin Rad Pop of Secunia Research
Vulnerable:	Turbolinux wizpy 0 Turbolinux FUJI 0 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc RedHat Enterprise Linux Supplementary 5 server RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux Extras 3 RedHat Enterprise Linux Desktop Supplementary 5 client Gentoo Linux Adobe Flex 3.0 Adobe Flash Professional 8 Adobe Flash Player 9.0.48.0 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.28.0 Adobe Flash Player 9.0.115.0 Adobe Flash Player 9 Adobe Flash Player 8.0.35.0 Adobe Flash Player 8.0.34.0 Adobe Flash CS3 Professional 0 Adobe Flash Basic 8 Adobe AIR 1.0

Not Vulnerable:	Adobe Flash Professional 8 8.0.42.0 Adobe Flash Player 9.0.124 .0 Adobe Flash Basic 8.0.42.0 Adobe AIR 1.01