CVE-2007-0071
Description
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Adobe Flash Player allows remote code execution via crafted SWF with negative Scene Count.
Vulnerability
An integer overflow vulnerability exists in Adobe Flash Player versions 9.0.115.0 and earlier, and 8.0.39.0 and earlier. The flaw resides in the DefineSceneAndFrameLabelData tag parsing routine within the Flash Player DLL. A crafted SWF file with a negative Scene Count value bypasses a signed comparison and is used as an offset from a NULL pointer, leading to a buffer overflow [2][4].
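The signed-comparison pattern described above, next to a hardened check, as an added C example that is not Flash Player code and not part of the original record. The limit `MAX_SCENES`, the record size `SCENE_RECORD_SIZE` and both function names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed values for illustration only; not taken from Flash Player. */
#define MAX_SCENES        1024u
#define SCENE_RECORD_SIZE 8u

/* Flawed pattern: only an upper bound is tested, and the comparison is
 * signed. A negative count is "less than the limit" and is accepted, so
 * later code that uses it as an index or offset works with a bad value. */
bool scene_count_ok_signed(int32_t count)
{
    return count <= (int32_t)MAX_SCENES;
}

/* Hardened pattern: reject negative counts explicitly, bound the count,
 * and confirm the table it implies fits in the bytes left in the tag
 * before anything is allocated or indexed. */
bool scene_count_ok_checked(int32_t count, size_t bytes_left,
                            size_t *table_bytes)
{
    if (count < 0)
        return false;                 /* the case the signed check misses */

    uint32_t n = (uint32_t)count;
    if (n > MAX_SCENES)
        return false;

    /* n <= MAX_SCENES, so this product cannot wrap around. */
    size_t need = (size_t)n * SCENE_RECORD_SIZE;
    if (need > bytes_left)
        return false;                 /* count claims more data than exists */

    *table_bytes = need;
    return true;
}
```
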
Exploitation
An attacker must convince a user to open a malicious SWF file, typically by hosting it on a web page or embedding it in a trusted site. No authentication is required. The attacker crafts a SWF file with a negative Scene Count value, which triggers the integer overflow when parsed. This results in memory corruption that can be leveraged to execute arbitrary code [2][4].
Impact
Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code on the victim's system with the privileges of the logged-in user. This can lead to full compromise of the affected system, including data theft, installation of malware, or further network attacks [2][4].
Mitigation
Adobe addressed this issue in Flash Player version 9.0.124.0. Users should update to the latest version available from the Adobe Flash Player Support Center. Red Hat also released an advisory (RHSA-2008-0221) for affected distributions [1][2]. No workarounds are documented; updating is the recommended action.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=9.0.115.0 and <=8.0.39.0
Patches
No patches discovered yet.
References
- blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html (nvd, Vendor Advisory)
- isc.sans.org/diary.html (nvd, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html (nvd, Third Party Advisory)
- secunia.com/advisories/29763 (nvd, Third Party Advisory)
- secunia.com/advisories/29865 (nvd, Third Party Advisory)
- secunia.com/advisories/30404 (nvd, Third Party Advisory)
- secunia.com/advisories/30430 (nvd, Third Party Advisory)
- secunia.com/advisories/30507 (nvd, Third Party Advisory)
- www.adobe.com/support/security/bulletins/apsb08-11.html (nvd, Vendor Advisory)
- www.gentoo.org/security/en/glsa/glsa-200804-21.xml (nvd, Third Party Advisory)
- www.kb.cert.org/vuls/id/159523 (nvd, Third Party Advisory, US Government Resource)
- www.kb.cert.org/vuls/id/395473 (nvd, Third Party Advisory, US Government Resource)
- www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ (nvd, Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2008-0221.html (nvd, Third Party Advisory)
- www.securityfocus.com/bid/28695 (nvd, Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/29386 (nvd, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd, Third Party Advisory, VDB Entry)
- www.us-cert.gov/cas/techalerts/TA08-100A.html (nvd, Third Party Advisory, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA08-149A.html (nvd, Third Party Advisory, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA08-150A.html (nvd, Third Party Advisory, US Government Resource)
- www.vupen.com/english/advisories/2008/1662/references (nvd, Third Party Advisory)
- www.vupen.com/english/advisories/2008/1697 (nvd, Third Party Advisory)
- www.vupen.com/english/advisories/2008/1724/references (nvd, Third Party Advisory)
- www.zerodayinitiative.com/advisories/ZDI-08-032/ (nvd, Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/37277 (nvd, Third Party Advisory, VDB Entry)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379 (nvd, Third Party Advisory)
- documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf (nvd, Broken Link)
- lists.apple.com/archives/security-announce/2008//May/msg00001.html (nvd, Mailing List)
- sunsolve.sun.com/search/document.do (nvd, Broken Link)
- www.iss.net/threats/289.html (nvd, Broken Link)
- www.osvdb.org/44282 (nvd, Broken Link)