CVE-2007-6246

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.

CVSS v2.0 4.4 MEDIUM

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
http://secunia.com/advisories/28157
http://secunia.com/advisories/28161
http://secunia.com/advisories/28213
http://secunia.com/advisories/28570
http://secunia.com/advisories/30507
http://securitytracker.com/id?1019116
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
http://www.adobe.com/support/security/bulletins/apsb07-20.html
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
http://www.redhat.com/support/errata/RHSA-2007-1126.html
http://www.securityfocus.com/bid/26929
http://www.securityfocus.com/bid/26965
http://www.us-cert.gov/cas/techalerts/TA07-355A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/4258
http://www.vupen.com/english/advisories/2008/1724/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/39136
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10519

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-12-20 01:46

Updated : 2023-12-10 10:40

NVD link : CVE-2007-6246

Mitre link : CVE-2007-6246

CVE.ORG link : CVE-2007-6246

JSON object : View

Products Affected

adobe

flash_player

linux

linux_kernel

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2007-6246", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-12-20T01:46:00.000", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28157", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28161", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28213", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28570", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30507", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1019116", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1", "source": "cve@mitre.org"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26929", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26965", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/4258", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1724/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39136", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10519", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges."}, {"lang": "es", "value": "Adobe Flash Player 9.x hasta 9.0.48.0, 8.x hasta 8.0.35.0, y 7.x hasta 7.0.70.0, cuando se ejecuta en Linux, usa permisos inseguros para la memoria, lo cual podr\u00eda permitir a usuarios locales obtener privilegios."}], "lastModified": "2017-09-29T01:29:52.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C3CB9CD-66A2-48BF-B49A-E30C459923A0", "versionEndIncluding": "9.0.48.0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}