Launchpad CVE tracker

CVE 2007-3456

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.

Related bugs and status

CVE-2007-3456 (Candidate) is related to these bugs:

Bug #125131: Need to be updated for new stable version (9,0,48,0)

		In	Importance	Status
125131	Need to be updated for new stable version (9,0,48,0)	flashplugin-nonfree (Ubuntu)	Undecided	Fix Released
125131	Need to be updated for new stable version (9,0,48,0)	flashplugin-nonfree (Ubuntu Feisty)	Critical	Invalid
125131	Need to be updated for new stable version (9,0,48,0)	Dapper Backports	Undecided	New

Bug #125233: [flashplugin-nonfree] Arbitrary code execution in Flash Player 9.0.45.0 and prior versions

Summary				In	Importance	Status
	125233	[flashplugin-nonfree] Arbitrary code execution in Flash Player 9.0.45.0 and prior versions		flashplugin-nonfree (Ubuntu)	Undecided	Fix Released
	125233	[flashplugin-nonfree] Arbitrary code execution in Flash Player 9.0.45.0 and prior versions		flashplugin-nonfree (Ubuntu Feisty)	High	Fix Committed

Bug #125986: [MASTER] No flash after update of flashplugin-nonfree

Summary				In	Importance	Status
	125986	[MASTER] No flash after update of flashplugin-nonfree		flashplugin-nonfree (Ubuntu)	Undecided	Fix Released
	125986	[MASTER] No flash after update of flashplugin-nonfree		firefox (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-3456

References