CVE-2007-3457

Adobe Flash Player < 8.0.34.0 - CSRF

Title source: rule

Description

Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.

References (16)

Scores

EPSS 0.0513
EPSS Percentile 89.7%

Classification

CWE
CWE-352
Status draft

Affected Products (1)

adobe/flash_player < 8.0.34.0

Timeline

Published Jul 11, 2007
Tracked Since Feb 18, 2026