|
|
Log in / Subscribe / Register

flash-player: arbitrary code execution

Package(s):flash-player CVE #(s):CVE-2011-0611
Created:April 18, 2011 Updated:April 20, 2011
Description: From the CVE entry:

Adobe Flash Player 10.2.153.1 and earlier for Windows, Macintosh, Linux, and Solaris; 10.2.154.25 and earlier for Chrome; and 10.2.156.12 and earlier for Android; Adobe AIR 2.6.19120 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.3 and 10.x through 10.0.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, related to a size inconsistency in a "group of included constants," object type confusion, and Date objects, as demonstrated by a .swf file embedded in a Microsoft Word document, and as exploited in the wild in April 2011.

Alerts:
Gentoo 201110-11 adobe-flash 2011-10-13
Red Hat RHSA-2011:0451-01 flash-plugin 2011-04-18
openSUSE openSUSE-SU-2011:0373-1 flash-player 2011-04-18
SUSE SUSE-SA:2011:018 flash-player 2011-04-18
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds