CVE-2007-6019

Adobe Flash Player <9.0.115.0 & <8.0.39.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6019. PoCs published by Javier Vicente Vallejo.

AI-analyzed exploit summary The provided text describes CVE-2007-6019, a remote code execution vulnerability in Adobe Flash Player 9.0.115.0 and earlier versions, triggered by malformed ActionScript objects. It references a binary exploit (31630.rar) but contains no actual exploit code.

Description

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Javier Vicente Vallejo · textremotelinux
https://www.exploit-db.com/exploits/31630

The provided text describes CVE-2007-6019, a remote code execution vulnerability in Adobe Flash Player 9.0.115.0 and earlier versions, triggered by malformed ActionScript objects. It references a binary exploit (31630.rar) but contains no actual exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Adobe Flash Player <= 9.0.115.0
No auth needed
Prerequisites: Victim must open a malicious SWF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29865
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30507
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019810
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1724/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41717
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0221.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3805
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30430
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490824/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29763
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490623/100/0/threaded
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-021
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1697
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28694
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-100A.html

Scores

EPSS 0.5977
EPSS Percentile 99.0%

Details

Status published
Products (37)
adobe/air 1.0
adobe/flash basic 8
adobe/flash professional 8 (2 CPE variants)
adobe/flash_player 7.0
adobe/flash_player 7.0.1
adobe/flash_player 7.0.25
adobe/flash_player 7.0.63
adobe/flash_player 7.0.69.0
adobe/flash_player 7.0.70.0
adobe/flash_player 7.0_r67
... and 27 more
Published Apr 09, 2008
Tracked Since Feb 18, 2026