Vulnerability CVE-2011-0609


Published: 2011-03-15   Modified: 2012-02-13

Description:
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

See advisories in our WLB2 database:
Topic: [High] Adobe Flash Player AVM Bytecode Verification
Author: metasploit
Date: 24.03.2011

Type: CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Adobe -> Acrobat 
Adobe -> Acrobat reader 
Adobe -> Flash player 

 References:
http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://securityreason.com/securityalert/8152
http://www.adobe.com/support/security/advisories/apsa11-01.html
http://www.adobe.com/support/security/bulletins/apsb11-06.html
http://www.kb.cert.org/vuls/id/192052
http://www.redhat.com/support/errata/RHSA-2011-0372.html
http://www.securityfocus.com/bid/46860
http://www.securitytracker.com/id?1025210
http://www.securitytracker.com/id?1025211
http://www.securitytracker.com/id?1025238
http://www.vupen.com/english/advisories/2011/0655
http://www.vupen.com/english/advisories/2011/0656
http://www.vupen.com/english/advisories/2011/0688
http://www.vupen.com/english/advisories/2011/0732
https://exchange.xforce.ibmcloud.com/vulnerabilities/66078
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147

Copyright 2024, cxsecurity.com

 
