Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title acroread security update
Informations
Name RHSA-2011:1434 First vendor Publication 2011-11-08
Vendor RedHat Last vendor Modification 2011-11-08
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2442)

This update also fixes multiple security flaws in Adobe Flash Player embedded in Adobe Reader. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section.

A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430)

A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2444)

This update also fixes an information disclosure flaw in Adobe Flash Player. (CVE-2011-2429)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2011-1434.html

CWE : Common Weakness Enumeration

% Id Name
61 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10 % CWE-264 Permissions, Privileges, and Access Controls
10 % CWE-189 Numeric Errors (CWE/SANS Top 25)
10 % CWE-20 Improper Input Validation
6 % CWE-399 Resource Management Errors
3 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13209
 
Oval ID: oval:org.mitre.oval:def:13209
Title: Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2433
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13217
 
Oval ID: oval:org.mitre.oval:def:13217
Title: Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2434
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13809
 
Oval ID: oval:org.mitre.oval:def:13809
Title: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
Description: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2430
 Version: 21
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13892
 
Oval ID: oval:org.mitre.oval:def:13892
Title: Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.
Description: Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2438
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13940
 
Oval ID: oval:org.mitre.oval:def:13940
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2415
 Version: 27
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13945
 
Oval ID: oval:org.mitre.oval:def:13945
Title: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."
Description: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2428
 Version: 21
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13979
 
Oval ID: oval:org.mitre.oval:def:13979
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2134
 Version: 27
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13984
 
Oval ID: oval:org.mitre.oval:def:13984
Title: Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2437
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14015
 
Oval ID: oval:org.mitre.oval:def:14015
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2417
 Version: 27
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14016
 
Oval ID: oval:org.mitre.oval:def:14016
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2135
 Version: 27
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14022
 
Oval ID: oval:org.mitre.oval:def:14022
Title: Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."
Description: Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2431
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14031
 
Oval ID: oval:org.mitre.oval:def:14031
Title: Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
Description: Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2432
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14041
 
Oval ID: oval:org.mitre.oval:def:14041
Title: Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."
Description: Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2439
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14042
 
Oval ID: oval:org.mitre.oval:def:14042
Title: Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."
Description: Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2442
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14043
 
Oval ID: oval:org.mitre.oval:def:14043
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2414
 Version: 27
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14050
 
Oval ID: oval:org.mitre.oval:def:14050
Title: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Description: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2444
 Version: 21
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14070
 
Oval ID: oval:org.mitre.oval:def:14070
Title: Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.
Description: Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2426
 Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14073
 
Oval ID: oval:org.mitre.oval:def:14073
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2425
 Version: 26
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14074
 
Oval ID: oval:org.mitre.oval:def:14074
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2140
 Version: 26
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14085
 
Oval ID: oval:org.mitre.oval:def:14085
Title: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.
Description: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2138
 Version: 26
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14096
 
Oval ID: oval:org.mitre.oval:def:14096
Title: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."
Description: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2429
 Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14111
 
Oval ID: oval:org.mitre.oval:def:14111
Title: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.
Description: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2136
 Version: 26
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14125
 
Oval ID: oval:org.mitre.oval:def:14125
Title: Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
Description: Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2427
 Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14132
 
Oval ID: oval:org.mitre.oval:def:14132
Title: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.
Description: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2416
 Version: 26
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14143
 
Oval ID: oval:org.mitre.oval:def:14143
Title: Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
Description: Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2435
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14149
 
Oval ID: oval:org.mitre.oval:def:14149
Title: Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
Description: Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2440
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14194
 
Oval ID: oval:org.mitre.oval:def:14194
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2130
 Version: 26
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14199
 
Oval ID: oval:org.mitre.oval:def:14199
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2424
 Version: 23
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14204
 
Oval ID: oval:org.mitre.oval:def:14204
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2139
 Version: 26
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14206
 
Oval ID: oval:org.mitre.oval:def:14206
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2137
 Version: 26
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14218
 
Oval ID: oval:org.mitre.oval:def:14218
Title: Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
Description: Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2436
 Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
 Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15272
 
Oval ID: oval:org.mitre.oval:def:15272
Title: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Description: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2444
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15366
 
Oval ID: oval:org.mitre.oval:def:15366
Title: Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.
Description: Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2426
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15475
 
Oval ID: oval:org.mitre.oval:def:15475
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2425
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15869
 
Oval ID: oval:org.mitre.oval:def:15869
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."
Family: macos Class: vulnerability
Reference(s): CVE-2011-2424
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15889
 
Oval ID: oval:org.mitre.oval:def:15889
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2414
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15941
 
Oval ID: oval:org.mitre.oval:def:15941
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2134
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15950
 
Oval ID: oval:org.mitre.oval:def:15950
Title: Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
Description: Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2427
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15998
 
Oval ID: oval:org.mitre.oval:def:15998
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2417
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16025
 
Oval ID: oval:org.mitre.oval:def:16025
Title: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.
Description: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2416
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16030
 
Oval ID: oval:org.mitre.oval:def:16030
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2139
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16061
 
Oval ID: oval:org.mitre.oval:def:16061
Title: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2135
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16070
 
Oval ID: oval:org.mitre.oval:def:16070
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2415
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16104
 
Oval ID: oval:org.mitre.oval:def:16104
Title: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.
Description: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2138
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16116
 
Oval ID: oval:org.mitre.oval:def:16116
Title: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
Description: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
Family: macos Class: vulnerability
Reference(s): CVE-2011-2430
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16128
 
Oval ID: oval:org.mitre.oval:def:16128
Title: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.
Description: Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2136
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16181
 
Oval ID: oval:org.mitre.oval:def:16181
Title: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."
Description: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."
Family: macos Class: vulnerability
Reference(s): CVE-2011-2428
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16195
 
Oval ID: oval:org.mitre.oval:def:16195
Title: DEPRECATED: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2140
 Version: 4
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16210
 
Oval ID: oval:org.mitre.oval:def:16210
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2130
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16268
 
Oval ID: oval:org.mitre.oval:def:16268
Title: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."
Description: Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."
Family: macos Class: vulnerability
Reference(s): CVE-2011-2429
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16270
 
Oval ID: oval:org.mitre.oval:def:16270
Title: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.
Description: Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.
Family: macos Class: vulnerability
Reference(s): CVE-2011-2137
 Version: 3
Platform(s): Apple Mac OS X
 Product(s): Adobe Flash Player
Adobe Air
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21984
 
Oval ID: oval:org.mitre.oval:def:21984
Title: RHSA-2011:1144: flash-plugin security update (Critical)
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
Family: unix Class: patch
Reference(s): RHSA-2011:1144-01
CVE-2011-2130
CVE-2011-2134
CVE-2011-2135
CVE-2011-2136
CVE-2011-2137
CVE-2011-2138
CVE-2011-2139
CVE-2011-2140
CVE-2011-2414
CVE-2011-2415
CVE-2011-2416
CVE-2011-2417
CVE-2011-2424
CVE-2011-2425
 Version: 185
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
 Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22039
 
Oval ID: oval:org.mitre.oval:def:22039
Title: RHSA-2011:1333: flash-plugin security update (Critical)
Description: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Family: unix Class: patch
Reference(s): RHSA-2011:1333-01
CVE-2011-2426
CVE-2011-2427
CVE-2011-2428
CVE-2011-2429
CVE-2011-2430
CVE-2011-2444
 Version: 81
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
 Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23355
 
Oval ID: oval:org.mitre.oval:def:23355
Title: DEPRECATED: ELSA-2011:1144: flash-plugin security update (Critical)
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
Family: unix Class: patch
Reference(s): ELSA-2011:1144-01
CVE-2011-2130
CVE-2011-2134
CVE-2011-2135
CVE-2011-2136
CVE-2011-2137
CVE-2011-2138
CVE-2011-2139
CVE-2011-2140
CVE-2011-2414
CVE-2011-2415
CVE-2011-2416
CVE-2011-2417
CVE-2011-2424
CVE-2011-2425
 Version: 62
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23393
 
Oval ID: oval:org.mitre.oval:def:23393
Title: DEPRECATED: ELSA-2011:1333: flash-plugin security update (Critical)
Description: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Family: unix Class: patch
Reference(s): ELSA-2011:1333-01
CVE-2011-2426
CVE-2011-2427
CVE-2011-2428
CVE-2011-2429
CVE-2011-2430
CVE-2011-2444
 Version: 30
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23664
 
Oval ID: oval:org.mitre.oval:def:23664
Title: ELSA-2011:1333: flash-plugin security update (Critical)
Description: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Family: unix Class: patch
Reference(s): ELSA-2011:1333-01
CVE-2011-2426
CVE-2011-2427
CVE-2011-2428
CVE-2011-2429
CVE-2011-2430
CVE-2011-2444
 Version: 29
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23730
 
Oval ID: oval:org.mitre.oval:def:23730
Title: ELSA-2011:1144: flash-plugin security update (Critical)
Description: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
Family: unix Class: patch
Reference(s): ELSA-2011:1144-01
CVE-2011-2130
CVE-2011-2134
CVE-2011-2135
CVE-2011-2136
CVE-2011-2137
CVE-2011-2138
CVE-2011-2139
CVE-2011-2140
CVE-2011-2414
CVE-2011-2415
CVE-2011-2416
CVE-2011-2417
CVE-2011-2424
CVE-2011-2425
 Version: 61
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): flash-plugin
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 38
Application 36
Application 32
Application 158

SAINT Exploits

Description Link
Adobe Flash Player MP4 Sequence Parameter Set Processing More info here

ExploitDB Exploits

id Description
2012-02-10 Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-01-31 Adobe Flash Player MP4 SequenceParameterSetNALUnit Remote Code Execution Exploit

OpenVAS Exploits

Date Description
2012-02-12 Name : FreeBSD Ports: acroread9
File : nvt/freebsd_acroread9.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-11 (Adobe Flash Player)
File : nvt/glsa_201110_11.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-19 (acroread)
File : nvt/glsa_201201_19.nasl
2011-12-05 Name : SuSE Update for acroread SUSE-SA:2011:044
File : nvt/gb_suse_2011_044.nasl
2011-10-28 Name : Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln_sep11_macosx.nasl
2011-10-28 Name : Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_sep11_win.nasl
2011-10-28 Name : Adobe Reader Multiple Vulnerabilities September-2011 (Linux)
File : nvt/gb_adobe_reader_mult_vuln_sep11_lin.nasl
2011-10-16 Name : FreeBSD Ports: linux-flashplugin
File : nvt/freebsd_linux-flashplugin19.nasl
2011-09-30 Name : Adobe Flash Player Multiple Vulnerabilities September-2011 (Linux)
File : nvt/secpod_adobe_flash_player_mult_vuln_lin_sep11.nasl
2011-09-30 Name : Adobe Flash Player Multiple Vulnerabilities September-2011 (Mac OS X)
File : nvt/secpod_adobe_flash_player_mult_vuln_macosx_sep11.nasl
2011-09-30 Name : Adobe Flash Player Multiple Vulnerabilities September-2011 (Windows)
File : nvt/secpod_adobe_flash_player_mult_vuln_win_sep11.nasl
2011-09-21 Name : FreeBSD Ports: linux-flashplugin
File : nvt/freebsd_linux-flashplugin18.nasl
2011-08-31 Name : Adobe Flash Player Multiple Vulnerabilities August-2011 (Linux)
File : nvt/secpod_adobe_flash_player_mult_vuln_aug11_lin.nasl
2011-08-31 Name : Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
File : nvt/secpod_adobe_prdts_mult_vuln_aug11_win.nasl
2011-08-31 Name : Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
File : nvt/secpod_adobe_prdts_mult_vuln_macosx.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75630 Adobe Flash Player Media Streaming Logic Memory Corruption
75629 Adobe Flash Player Security Control Bypass Information Disclosure
75628 Adobe Flash Player Logic Error Unspecified Memory Corruption
75627 Adobe Flash Player AVM Function Parameter Handling Overflow
75626 Adobe Flash Player AVM2 Function Parameter Handling Overflow
75625 Adobe Flash Player Unspecified XSS
75440 Adobe Reader / Acrobat Logic Error Unspecified Memory Corruption
75439 Adobe Reader / Acrobat Use-after-free PDF Embedded JPG File Handling Remote C...
75438 Adobe Reader / Acrobat Memory Leakage Condition Unspecified Remote Code Execu...
75437 Adobe Reader / Acrobat Image Parsing Library Multiple Unspecified Overflow
75436 Adobe Reader / Acrobat Unspecified Overflow (2011-2437)
75435 Adobe Reader / Acrobat Image Parsing Library Unspecified Overflow
75434 Adobe Reader / Acrobat Unspecified Overflow (2011-2435)
75433 Adobe Reader / Acrobat Unspecified Overflow (2011-2434)
75432 Adobe Reader / Acrobat Unspecified Overflow (2011-2433)
75431 Adobe Reader / Acrobat U3D TIFF Resource Handling Overflow
75430 Adobe Reader / Acrobat Unspecified Security Bypass Remote Code Execution
75201 Adobe Flash Player SWF File Handling Arbitrary Code Execution (400 Taviso Bugs)
74444 Adobe Flash Player Unspecified Memory Corruption (2011-2425)

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize user-supplied input, resulting in memory corruption. With a specially crafted file, a context-dependent attacker can execute arbitrary code.
74443 Adobe Flash Player Unspecified Memory Corruption (2011-2417)

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize user-supplied input, resulting in memory corruption. With a specially crafted file, a context-dependent attacker can execute arbitrary code.
74442 Adobe Flash Player Unspecified Overflow (2011-2416)

Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.
74441 Adobe Flash Player Unspecified Overflow (2011-2415)

Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.
74440 Adobe Flash Player Unspecified Overflow (2011-2414)

Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.
74439 Adobe Flash Player Unspecified Memory Corruption (2011-2140)

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize user-supplied input, resulting in memory corruption. With a specially crafted file, a context-dependent attacker can execute arbitrary code.
74438 Adobe Flash Player Unspecified Cross-domain Information Disclosure
74437 Adobe Flash Player BitmapData.scroll Handling Remote Overflow

Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.
74436 Adobe Flash Player Unspecified Overflow (2011-2137)

Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.
74435 Adobe Flash Player Unspecified Overflow (2011-2136)

Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.
74434 Adobe Flash Player flash.display Memory Corruption

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize user-supplied input, resulting in memory corruption. With a specially crafted file, a context-dependent attacker can execute arbitrary code.
74433 Adobe Flash Player Unspecified Overflow (2011-2134)

Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.
74432 Adobe Flash Player Unspecified Overflow (2011-2130)

Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-05-03 IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager
Severity : Category I - VMSKEY : V0032178

Snort® IPS/IDS

Date Description
2014-03-27 Adobe Flash regular expression grouping depth buffer overflow attempt
RuleID : 29934 - Revision : 4 - Type : FILE-FLASH
2014-01-10 Gong Da exploit kit possible jar download
RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit Java exploit requested
RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit Java exploit requested
RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit plugin detection
RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit landing page
RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da Jar file download
RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit redirection page received
RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Adobe Flash Player ActionScript 3 integer overflow attempt
RuleID : 25835 - Revision : 7 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player MP4 sequence parameter set parsing overflow attempt
RuleID : 24672 - Revision : 8 - Type : FILE-MULTIMEDIA
2014-01-10 Adobe Flash Player MP4 sequence parameter set parsing overflow attempt
RuleID : 23098 - Revision : 11 - Type : FILE-MULTIMEDIA
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Yang Pack yg.htm landing page
RuleID : 21006 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Adobe Flash MP4 ref_frame allocated buffer overflow attempt
RuleID : 20555 - Revision : 11 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player recursive stack overflow attempt
RuleID : 20211 - Revision : 13 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player pcre ActionScript under allocation
RuleID : 20206 - Revision : 11 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player setInterval use attempt
RuleID : 20183 - Revision : 9 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player viewSource blacklist exclusion attempt
RuleID : 20182 - Revision : 5 - Type : FILE-FLASH
2014-01-10 Adobe Flash Speex-encoded audio buffer underflow attempt
RuleID : 20181 - Revision : 7 - Type : FILE-FLASH
2014-01-10 Adobe Acrobat Reader embedded BMP parsing corruption attempt
RuleID : 20171 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader embedded BMP parsing corruption attempt
RuleID : 20170 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader embedded BMP parsing corruption attempt
RuleID : 20169 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader getCosObj file overwrite attempt
RuleID : 20156 - Revision : 11 - Type : FILE-PDF
2014-01-10 Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt
RuleID : 20153 - Revision : 11 - Type : FILE-PDF
2014-01-10 Adobe Acrobat GDI object leak memory corruption attempt
RuleID : 20152 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader embedded PCX parsing corruption attempt
RuleID : 20150 - Revision : 12 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader embedded IFF file RGBA chunk memory corruption attempt
RuleID : 20149 - Revision : 11 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader embedded PICT parsing corruption attempt
RuleID : 20148 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader embedded PICT parsing corruption attempt
RuleID : 20147 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader embedded PICT parsing corruption attempt
RuleID : 20145 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt
RuleID : 20144 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader app.openDoc path vulnerability
RuleID : 20142 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Flash MP4 ref_frame allocated buffer overflow attempt
RuleID : 19693 - Revision : 10 - Type : FILE-FLASH
2014-01-10 Adobe Flash cross-site request forgery attempt
RuleID : 19692 - Revision : 11 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player ActionScript File reference buffer overflow attempt
RuleID : 19691 - Revision : 12 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite
RuleID : 19690 - Revision : 12 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player ActionScript dynamic calculation double-free attempt
RuleID : 19689 - Revision : 12 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player ActionScript BitmapData buffer overflow attempt
RuleID : 19688 - Revision : 12 - Type : FILE-FLASH
2014-01-10 Adobe Flash ActionStoreRegister instruction length invalidation attempt
RuleID : 19687 - Revision : 17 - Type : FILE-FLASH
2014-01-10 Adobe Flash uninitialized bitmap structure memory corruption attempt
RuleID : 19686 - Revision : 11 - Type : FILE-FLASH
2014-01-10 Adobe Flash regular expression grouping depth buffer overflow attempt
RuleID : 19685 - Revision : 13 - Type : FILE-FLASH
2014-01-10 Adobe CFF font storage memory corruption attempt
RuleID : 19684 - Revision : 12 - Type : FILE-OTHER
2014-01-10 Adobe Flash Player ActionScript 3 buffer overflow attempt
RuleID : 19683 - Revision : 13 - Type : FILE-FLASH
2014-01-10 Adobe Flash Player ActionScript 3 integer overflow attempt
RuleID : 19682 - Revision : 14 - Type : FILE-FLASH

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_flash-player-110921.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_acroread-111111.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2011-54.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_flash-player-110810.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_acroread-111111.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_flash-player-110810.nasl - Type : ACT_GATHER_INFO
2012-06-15 Name : The remote Windows host contains software that is affected by multiple vulner...
File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-19.nasl - Type : ACT_GATHER_INFO
2012-01-27 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_fa2f386f481411e189b4001ec9578670.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-7679.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-7833.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_flash-player-110921.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-7763.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_acroread-111111.nasl - Type : ACT_GATHER_INFO
2011-11-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1434.nasl - Type : ACT_GATHER_INFO
2011-10-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-11.nasl - Type : ACT_GATHER_INFO
2011-09-23 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-1333.nasl - Type : ACT_GATHER_INFO
2011-09-23 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_53e531a7e55911e0b481001b2134ef46.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote Mac OS X host has a browser plugin that is affected by multiple vu...
File : macosx_flash_player_10_3_183_10.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote Windows host has a browser plugin that is affected by multiple vul...
File : flash_player_apsb11-26.nasl - Type : ACT_GATHER_INFO
2011-09-21 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_14_0_835_186.nasl - Type : ACT_GATHER_INFO
2011-09-14 Name : The version of Adobe Reader on the remote Windows host is affected by multipl...
File : adobe_reader_apsb11-24.nasl - Type : ACT_GATHER_INFO
2011-09-14 Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsb11-24.nasl - Type : ACT_GATHER_INFO
2011-09-14 Name : The version of Adobe Reader on the remote Mac OS X host is affected by multip...
File : macosx_adobe_reader_apsb11-24.nasl - Type : ACT_GATHER_INFO
2011-08-12 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_flash-player-110810.nasl - Type : ACT_GATHER_INFO
2011-08-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-1144.nasl - Type : ACT_GATHER_INFO
2011-08-11 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2c12ae0cc38d11e08eb7001b2134ef46.nasl - Type : ACT_GATHER_INFO
2011-08-10 Name : The remote Mac OS X host has a browser plugin that is affected by multiple vu...
File : macosx_flash_player_10_3_183_5.nasl - Type : ACT_GATHER_INFO
2011-08-10 Name : A browser plugin is affected by multiple vulnerabilities.
File : flash_player_apsb11-21.nasl - Type : ACT_GATHER_INFO
2011-08-10 Name : The remote Windows host contains a version of Adobe AIR that is affected by m...
File : adobe_air_apsb11-21.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:55:16
  • Multiple Updates