CVE-2011-0611 - Type Confusion vulnerability in multiple products
Summary
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Exploit-Db
description | Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability. CVE-2011-0611. Remote exploit for windows platform |
file | exploits/windows/remote/17175.rb |
id | EDB-ID:17175 |
last seen | 2016-02-02 |
modified | 2011-04-16 |
platform | windows |
port | |
published | 2011-04-16 |
reporter | metasploit |
source | https://www.exploit-db.com/download/17175/ |
title | Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability |
type | remote |
Metasploit
description | This module exploits a vulnerability in Adobe Flash Player that was discovered, and has been exploited actively in the wild. By embedding a specially crafted .swf file, Adobe Flash crashes due to an invalid use of an object type, which allows attackers to overwrite a pointer in memory, and results in arbitrary code execution. Please note for IE 8 targets, Java Runtime Environment must be available on the victim machine in order to work properly. |
id | MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASHPLAYER_FLASH10O |
last seen | 2020-06-04 |
modified | 2017-10-05 |
published | 2011-04-16 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb |
title | Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability |
Nessus
NASL family | Windows |
NASL id | HP_SYSTEMS_INSIGHT_MANAGER_700_MULTIPLE_VULNS.NASL |
description | The version of HP Systems Insight Manager installed on the remote Windows host is affected by vulnerabilities in the following components : - TLS and SSL protocols - Apache Tomcat - Java - Flash Player - BlazeDS/GraniteDS - Adobe LiveCycle - Adobe Flex SDK - Systems Insight Manager |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59684 |
published | 2012-06-15 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/59684 |
title | HP Systems Insight Manager < 7.0 Multiple Vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(59684);
      script_version("1.19");
      script_cvs_date("Date: 2018/11/15 20:50:27");

      script_cve_id(
        "CVE-2009-3555", "CVE-2010-2227", "CVE-2010-4470", "CVE-2010-4476",
        "CVE-2011-0611", "CVE-2011-0786", "CVE-2011-0788", "CVE-2011-0802",
        "CVE-2011-0814", "CVE-2011-0815", "CVE-2011-0817", "CVE-2011-0862",
        "CVE-2011-0863", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0866",
        "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871",
        "CVE-2011-0872", "CVE-2011-0873", "CVE-2011-2092", "CVE-2011-2093",
        "CVE-2011-2130", "CVE-2011-2134", "CVE-2011-2135", "CVE-2011-2136",
        "CVE-2011-2137", "CVE-2011-2138", "CVE-2011-2139", "CVE-2011-2140",
        "CVE-2011-2414", "CVE-2011-2415", "CVE-2011-2416", "CVE-2011-2417",
        "CVE-2011-2425", "CVE-2011-2426", "CVE-2011-2427", "CVE-2011-2428",
        "CVE-2011-2429", "CVE-2011-2430", "CVE-2011-2444", "CVE-2011-2445",
        "CVE-2011-2450", "CVE-2011-2451", "CVE-2011-2452", "CVE-2011-2453",
        "CVE-2011-2454", "CVE-2011-2455", "CVE-2011-2456", "CVE-2011-2457",
        "CVE-2011-2458", "CVE-2011-2459", "CVE-2011-2460", "CVE-2011-2461",
        "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2012-1995",
        "CVE-2012-1996", "CVE-2012-1997", "CVE-2012-1998", "CVE-2012-1999"
      );
      script_bugtraq_id(
        36935, 41544, 42817, 46091, 46387, 47314, 48133, 48134, 48135, 48136,
        48137, 48138, 48139, 48140, 48141, 48142, 48143, 48144, 48145, 48146,
        48147, 48148, 48149, 48267, 48279, 49073, 49074, 49075, 49076, 49077,
        49079, 49080, 49081, 49082, 49083, 49084, 49085, 49086, 49710, 49714,
        49715, 49716, 49717, 49718, 50618, 50619, 50620, 50621, 50622, 50623,
        50624, 50625, 50626, 50627, 50628, 50629, 50869, 53315
      );
      script_xref(name:"HP", value:"HPSBMU02769");
      script_xref(name:"HP", value:"SSRT100846");
      script_xref(name:"HP", value:"SSRT100093");
      script_xref(name:"HP", value:"SSRT090028");
      script_xref(name:"HP", value:"SSRT100110");
      script_xref(name:"HP", value:"SSRT100373");
      script_xref(name:"HP", value:"SSRT100426");
      script_xref(name:"HP", value:"SSRT100514");
      script_xref(name:"HP", value:"SSRT100562");
      script_xref(name:"HP", value:"SSRT100639");
      script_xref(name:"HP", value:"SSRT100702");
      script_xref(name:"HP", value:"SSRT100819");

      script_name(english:"HP Systems Insight Manager < 7.0 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of HP Systems Insight Manager.");

      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains software that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of HP Systems Insight Manager installed on the remote
    Windows host is affected by vulnerabilities in the following
    components :

      - TLS and SSL protocols
      - Apache Tomcat
      - Java
      - Flash Player
      - BlazeDS/GraniteDS
      - Adobe LiveCycle
      - Adobe Flex SDK
      - Systems Insight Manager");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?72e42ec4");
      script_set_attribute(attribute:"solution", value:"Upgrade to HP Systems Insight Manager 7.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java RMI Server Insecure Default Configuration Java Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(310);

      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/15");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:systems_insight_manager");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");

      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

      script_dependencies("hp_systems_insight_manager_installed.nasl");
      script_require_keys("installed_sw/HP Systems Insight Manager");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("install_func.inc");
    include("misc_func.inc");

    app_name = "HP Systems Insight Manager";
    get_install_count(app_name:app_name, exit_if_zero:TRUE);

    install = get_single_install(app_name:app_name);
    path = install['path'];
    version = install['version'];

    if (version =~ '^(([A-Z]\\.)?0[0-5]\\.|([A-C]\\.)?0[0-6]\\.[0-9\\.]+)')
    {
      set_kb_item(name:'www/0/XSS', value:TRUE);
      set_kb_item(name:'www/0/XSRF', value:TRUE);

      port = get_kb_item('SMB/transport');
      if (!port) port = 445;

      if (report_verbosity > 0)
      {
        report =
          '\n Path : ' + path +
          '\n Installed version : ' + version +
          '\n Fixed version : C.07.00.00.00' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_3_FLASH-PLAYER-110415.NASL |
description | Specially crafted Flash files could be exploited to execute arbitrary code (CVE-2011-0611). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 75497 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75497 |
title | openSUSE Security Update : flash-player (openSUSE-SU-2011:0373-1) |

NASL family | Windows |
NASL id | ADOBE_ACROBAT_APSA11-02.NASL |
description | The remote Windows host contains a version of Adobe Acrobat 9.x < 9.4.4 or 10.x < 10.0.3. Such versions are affected by multiple memory corruption vulnerabilities. A remote attacker could exploit this by tricking a user into viewing a maliciously crafted PDF file, resulting in arbitrary code execution. Note also, CVE-2011-0611 is being exploited in the wild as of April 2011. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53450 |
published | 2011-04-15 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53450 |
title | Adobe Acrobat 9.x / 10.x Multiple Vulnerabilities (APSB11-08) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_FLASH-PLAYER-7477.NASL |
description | Specially crafted Flash files could be exploited to execute arbitrary code. (CVE-2011-0611) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 57189 |
published | 2011-12-13 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/57189 |
title | SuSE 10 Security Update : flash-player (ZYPP Patch Number 7477) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_FLASH-PLAYER-110415.NASL |
description | Specially crafted Flash files could be exploited to execute arbitrary code. (CVE-2011-0611) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53485 |
published | 2011-04-19 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53485 |
title | SuSE 11.1 Security Update : flash-player (SAT Patch Number 4400) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_4_FLASH-PLAYER-110415.NASL |
description | Specially crafted Flash files could be exploited to execute arbitrary code (CVE-2011-0611). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 75833 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75833 |
title | openSUSE Security Update : flash-player (openSUSE-SU-2011:0373-1) |

NASL family | Windows |
NASL id | ADOBE_AIR_APSB11-07.NASL |
description | The remote Windows host contains a version of Adobe AIR earlier than 2.6.0.19140. Such versions are reportedly affected by a memory corruption vulnerability. By tricking a user on the affected system into opening a specially crafted document with Flash content, such as a SWF file embedded in a Microsoft Word document, an attacker can potentially leverage this issue to execute arbitrary code remotely on the system subject to the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53474 |
published | 2011-04-18 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53474 |
title | Adobe AIR < 2.6.0.19140 ActionScript Predefined Class Prototype Addition Remote Code Execution (APSB11-07) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2011-0451.NASL |
description | An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-07, listed in the References section. Specially crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code. (CVE-2011-0611) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.2.159.1. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53482 |
published | 2011-04-19 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/53482 |
title | RHEL 5 / 6 : flash-plugin (RHSA-2011:0451) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201110-11.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201110-11 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details. Impact : By enticing a user to open a specially crafted SWF file a remote attacker could cause a Denial of Service or the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56504 |
published | 2011-10-14 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/56504 |
title | GLSA-201110-11 : Adobe Flash Player: Multiple vulnerabilities |

NASL family | Windows |
NASL id | ADOBE_READER_APSA11-02.NASL |
description | The remote Windows host contains a version of Adobe Reader 9.x < 9.4.4 or 10.x <= 10.1. Such versions are affected by multiple memory corruption vulnerabilities. A remote attacker could exploit this by tricking a user into viewing a maliciously crafted PDF file, resulting in arbitrary code execution. Note that Adobe Reader X Protected Mode prevents an exploit of this kind from executing. Note also, CVE-2011-0611 is being exploited in the wild as of April 2011. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53451 |
published | 2011-04-15 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53451 |
title | Adobe Reader 9.x / 10.x Multiple Vulnerabilities (APSB11-08) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_32B05547691311E0BDC4001B2134EF46.NASL |
description | Adobe Product Security Incident Response Team reports : A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious Web page or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53468 |
published | 2011-04-18 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/53468 |
title | FreeBSD : linux-flashplugin -- remote code execution vulnerability (32b05547-6913-11e0-bdc4-001b2134ef46) |

NASL family | Windows |
NASL id | FLASH_PLAYER_APSB11-07.NASL |
description | The remote Windows host contains a version of Adobe Flash Player earlier than 10.2.159.1. Such versions are reportedly affected by a memory corruption vulnerability. By tricking a user on the affected system into opening a specially crafted document with Flash content, such as a SWF file embedded in a Microsoft Word document, an attacker can potentially leverage this issue to execute arbitrary code remotely on the system subject to the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53472 |
published | 2011-04-18 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53472 |
title | Flash Player < 10.2.159.1 ActionScript Predefined Class Prototype Addition Remote Code Execution (APSB11-07) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_2_FLASH-PLAYER-110415.NASL |
description | Specially crafted Flash files could be exploited to execute arbitrary code (CVE-2011-0611). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53722 |
published | 2011-05-05 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/53722 |
title | openSUSE Security Update : flash-player (openSUSE-SU-2011:0373-1) |
Oval
accepted | 2015-08-03T04:00:43.474-04:00 |
class | vulnerability |
description | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. |
family | windows |
id | oval:org.mitre.oval:def:14175 |
status | accepted |
submitted | 2011-11-04T14:32:56.000-05:00 |
title | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. |
version | 78 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/100507/adobe_flashplayer_flash10o.rb.txt |
id | PACKETSTORM:100507 |
last seen | 2016-12-05 |
published | 2011-04-17 |
reporter | sinn3r |
source | https://packetstormsecurity.com/files/100507/Adobe-Flash-Player-10.2.153.1-SWF-Memory-Corruption-Vulnerability.html |
title | Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability |
Saint
bid | 47314 |
description | Adobe Flash Player callMethod Bytecode Memory Corruption |
id | misc_flash |
osvdb | 71686 |
title | flash_callmethod_bytecode |
type | client |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:20497 |
last seen | 2017-11-19 |
modified | 2011-04-24 |
published | 2011-04-24 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-20497 |
title | Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:71835 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-71835 |
title | Adobe Reader X Atom Type Confusion Vulnerability Exploit |

bulletinFamily | exploit |
description |
Bugtraq ID: 47314
CVE ID: CVE-2011-0611

Adobe Flash Player is a program for processing Flash files.

A critical security vulnerability exists in Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris (Adobe Flash Player 10.2.154.25 and earlier versions for Chrome users), Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Macintosh.

This vulnerability (CVE-2011-0611) can cause the application to crash or allow an attacker to take control of the affected system. According to reports, it is being actively exploited in the wild by embedding a malicious Flash (.swf) file in a Microsoft Word (.doc) file delivered as an email attachment. No attacks exploiting this vulnerability via PDF against Adobe Reader and Acrobat have been observed so far.

Adobe Reader X is also affected by this vulnerability, but it successfully prevents the malicious code from executing.

Adobe Reader 9.3.4, Adobe Reader 9.3.4, Adobe Reader 9.3.3, Adobe Reader 9.3.2, Adobe Reader 9.3.1, Adobe Reader 9.1.3, Adobe Reader 9.1.2, Adobe Reader 9.1.1, Adobe Reader 9.4.2, Adobe Reader 9.4.1, Adobe Reader 9.4, Adobe Reader 9.3, Adobe Reader 9.2, Adobe Reader 9.1, Adobe Reader 9, Adobe Reader 9, Adobe Reader 10.0.1, Adobe Reader 10.0

Adobe Flash Player 10.1.53 .64, Adobe Flash Player 10.1.51 .66, Adobe Flash Player 10.0.45 2, Adobe Flash Player 10.0.45 2, Adobe Flash Player 10.0.45 2, Adobe Flash Player 10.0.32 18, Adobe Flash Player 10.0.22 .87, Adobe Flash Player 10.0.15 .3, Adobe Flash Player 10.0.12 .36, Adobe Flash Player 10.0.12 .35, Adobe Flash Player 10.2.156.12, Adobe Flash Player 10.2.154.25, Adobe Flash Player 10.2.154.18, Adobe Flash Player 10.2.154.13, Adobe Flash Player 10.2.153.1, Adobe Flash Player 10.2.152.33, Adobe Flash Player 10.2.152.21, Adobe Flash Player 10.1.95.2, Adobe Flash Player 10.1.95.1, Adobe Flash Player 10.1.92.10, Adobe Flash Player 10.1.92.10, Adobe Flash Player 10.1.85.3, Adobe Flash Player 10.1.82.76, Adobe Flash Player 10.1.106.16, Adobe Flash Player 10.1.105.6, Adobe Flash Player 10.1.102.65, Adobe Flash Player 10.1.102.64, Adobe Flash Player 10.1 Release Candida, Adobe Flash Player 10.0.42.34, Adobe Flash Player 10.0.32.18, Adobe Flash Player 10

Adobe Acrobat Standard 9.3.4, Adobe Acrobat Standard 9.3.4, Adobe Acrobat Standard 9.3.3, Adobe Acrobat Standard 9.3.2, Adobe Acrobat Standard 9.3.1, Adobe Acrobat Standard 9.1.3, Adobe Acrobat Standard 9.1.2, Adobe Acrobat Standard 9.4.2, Adobe Acrobat Standard 9.4.1, Adobe Acrobat Standard 9.4, Adobe Acrobat Standard 9.3, Adobe Acrobat Standard 9.2, Adobe Acrobat Standard 9.1, Adobe Acrobat Standard 9, Adobe Acrobat Standard 10.0.2, Adobe Acrobat Standard 10.0.1, Adobe Acrobat Standard 10.0

Adobe Acrobat Professional 9.3.4, Adobe Acrobat Professional 9.3.3, Adobe Acrobat Professional 9.3.2, Adobe Acrobat Professional 9.3.1, Adobe Acrobat Professional 9.1.3, Adobe Acrobat Professional 9.1.2, Adobe Acrobat Professional 9.4.2, Adobe Acrobat Professional 9.4.1, Adobe Acrobat Professional 9.4, Adobe Acrobat Professional 9.3, Adobe Acrobat Professional 9.2, Adobe Acrobat Professional 9.1, Adobe Acrobat Professional 9 Extended, Adobe Acrobat Professional 9, Adobe Acrobat Professional 10.0.2, Adobe Acrobat Professional 10.0.1, Adobe Acrobat Professional 10.0

Adobe Acrobat 9.3.3, Adobe Acrobat 9.3.3, Adobe Acrobat 9.3.2, Adobe Acrobat 9.3.1, Adobe Acrobat 9.1.1, Adobe Acrobat 8.2.4, Adobe Acrobat 9.4.2, Adobe Acrobat 9.4.1, Adobe Acrobat 9.4, Adobe Acrobat 9.3, Adobe Acrobat 9.2, Adobe Acrobat 9, Adobe Acrobat 10.0.2, Adobe Acrobat 10.0.1, Adobe Acrobat 10.0

Vendor solution: No detailed solution is currently available: http://www.adobe.com/
id | SSV:20472 |
last seen | 2017-11-19 |
modified | 2011-04-13 |
published | 2011-04-13 |
reporter | Root |
title | Adobe Flash Player 'SWF' File Remote Memory Corruption Vulnerability |
References
- http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx
- http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html
- http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
- http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html
- http://secunia.com/advisories/44119
- http://secunia.com/advisories/44141
- http://secunia.com/advisories/44149
- http://secunia.com/blog/210/
- http://securityreason.com/securityalert/8204
- http://securityreason.com/securityalert/8292
- http://www.adobe.com/support/security/advisories/apsa11-02.html
- http://www.adobe.com/support/security/bulletins/apsb11-07.html
- http://www.adobe.com/support/security/bulletins/apsb11-08.html
- http://www.exploit-db.com/exploits/17175
- http://www.kb.cert.org/vuls/id/230057
- http://www.redhat.com/support/errata/RHSA-2011-0451.html
- http://www.securityfocus.com/bid/47314
- http://www.securitytracker.com/id?1025324
- http://www.securitytracker.com/id?1025325
- http://www.vupen.com/english/advisories/2011/0922
- http://www.vupen.com/english/advisories/2011/0923
- http://www.vupen.com/english/advisories/2011/0924
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66681
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175