ID

VAR-201105-0008


CVE

CVE-2011-0628


TITLE

Adobe Flash Player Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-001692

DESCRIPTION

Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object. Adobe Flash Player is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/ ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43269 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 RELEASE DATE: 2011-06-16 DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43269/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. 1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 3) An unspecified error can be exploited to cause a heap-based buffer overflow. 4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file. 5) An unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to corrupt memory. 7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share. 9) An unspecified error can be exploited to bypass certain security restrictions. This vulnerability affects Adobe Reader and Acrobat X 10.x only. 10) An unspecified error can be exploited to corrupt memory. This vulnerability affects 8.x versions only. 11) An unspecified error can be exploited to corrupt memory. 12) An unspecified error can be exploited to corrupt memory. 13) An unspecified error can be exploited to corrupt memory. For more information: SA44590 SA44846 The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. SOLUTION: Apply updates (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research. The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico. ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html Secunia Research: http://secunia.com/secunia_research/2011-41/ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2011-0628 // JVNDB: JVNDB-2011-001692 // BID: 47961 // VULHUB: VHN-48573 // PACKETSTORM: 105802 // PACKETSTORM: 102309

AFFECTED PRODUCTS

vendor:adobemodel:flash playerscope:eqversion:10.2.154.25

Trust: 1.9

vendor:adobemodel:flash playerscope:eqversion:10.1.105.6

Trust: 1.9

vendor:adobemodel:flash playerscope:eqversion:10.2.156.12

Trust: 1.9

vendor:adobemodel:flash playerscope:eqversion:10.1.95.2

Trust: 1.9

vendor:adobemodel:flash playerscope:eqversion:10.2.154.13

Trust: 1.9

vendor:adobemodel:flash playerscope:eqversion:10.1.92.10

Trust: 1.9

vendor:adobemodel:flash playerscope:eqversion:10.1.106.16

Trust: 1.9

vendor:adobemodel:flash playerscope:lteversion:10.2.159.1

Trust: 1.8

vendor:adobemodel:flash playerscope:eqversion:10.1.92.8

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:9.0.246.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.15.3

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.53.64

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.115.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.31.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.124.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.95.1

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.152.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.47.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.45.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.42.34

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.33

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.48.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.22.87

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.85.3

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.28.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.260.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.82.76

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.32.18

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.277.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.159.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.12.36

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.151.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.102.64

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:7.1

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.33.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.24.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:6.0.21.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.1.52.15

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.2.152

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.0.45.2

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.61.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.20

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.34.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.2

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.16

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.22.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.2.152.32

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.60.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.262.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.25

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:6.0.79

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.53.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.20.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.35.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.155.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.0.12.10

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.14.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.66.0

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:10.2.157.51

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.1.52.14.1

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.112.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.114.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.19.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.18d60

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.0.0.584

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.125.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.24.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.63

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.125.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.73.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.1.1

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.28

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.67.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.39.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.31

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.283.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.68.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.70.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.42.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.69.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.1

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.2.157.51

Trust: 0.9

vendor:adobemodel:flash playerscope:eqversion:10.2.159.1

Trust: 0.9

vendor:adobemodel:flashscope:eqversion:cs4 professional

Trust: 0.8

vendor:adobemodel:flashscope:eqversion:professional cs5

Trust: 0.8

vendor:adobemodel:flash playerscope:lteversion:10.2.154.28 for chrome a user

Trust: 0.8

vendor:adobemodel:flash playerscope:lteversion:10.2.157.51 for android

Trust: 0.8

vendor:adobemodel:flexscope:eqversion:4

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:11 express

Trust: 0.8

vendor:red hatmodel:enterprise linux server supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux server supplementary eusscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux workstation supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop supplementaryscope:eqversion:5 (client)

Trust: 0.8

vendor:red hatmodel:rhel desktop supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel supplementaryscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:rhel supplementary eusscope:eqversion:5.6.z (server)

Trust: 0.8

vendor:red hatmodel:rhel supplementary long lifescope:eqversion:5.6 (server)

Trust: 0.8

vendor:adobemodel:flash playerscope:eqversion:10.0.3218

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.12.35

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b0.73scope: - version: -

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.289.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.21

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9

Trust: 0.3

vendor:adobemodel:flash playerscope:neversion:10.3.185.21

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.280

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.a3.31scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10

Trust: 0.3

vendor:adobemodel:flash cs4 professionalscope:eqversion:0

Trust: 0.3

vendor:adobemodel:flash playerscope:neversion:10.3.181.14

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:adobemodel:flash cs5 professionalscope:eqversion:0

Trust: 0.3

vendor:sunmodel:solaris expressscope:eqversion:11

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.262

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.24

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.51.66

Trust: 0.3

vendor:adobemodel:flash player release candidascope:eqversion:10.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.27

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.18

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.28

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.153.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.2460

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.452

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.102.65

Trust: 0.3

sources: BID: 47961 // JVNDB: JVNDB-2011-001692 // CNNVD: CNNVD-201105-262 // NVD: CVE-2011-0628

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0628
value: HIGH

Trust: 1.0

NVD: CVE-2011-0628
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201105-262
value: CRITICAL

Trust: 0.6

VULHUB: VHN-48573
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-0628
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-48573
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-48573 // JVNDB: JVNDB-2011-001692 // CNNVD: CNNVD-201105-262 // NVD: CVE-2011-0628

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-48573 // JVNDB: JVNDB-2011-001692 // NVD: CVE-2011-0628

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 105802 // CNNVD: CNNVD-201105-262

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201105-262

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001692

PATCH

title:APSB11-12url:http://www.adobe.com/support/security/bulletins/apsb11-12.html

Trust: 0.8

title:cpsid_90300url:http://kb2.adobe.com/jp/cps/903/cpsid_90300.html

Trust: 0.8

title:APSB11-12url:http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html

Trust: 0.8

title:RHSA-2011:0511url:https://rhn.redhat.com/errata/RHSA-2011-0511.html

Trust: 0.8

title:Multiple vulnerabilities in Adobe Flashplayerurl:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer

Trust: 0.8

sources: JVNDB: JVNDB-2011-001692

EXTERNAL IDS

db:NVDid:CVE-2011-0628

Trust: 2.9

db:BIDid:47961

Trust: 2.8

db:SECUNIAid:43269

Trust: 1.0

db:JVNDBid:JVNDB-2011-001692

Trust: 0.8

db:CNNVDid:CNNVD-201105-262

Trust: 0.7

db:XFid:67638

Trust: 0.6

db:IDEFENSEid:20110524 ADOBE FLASH PLAYER ACTIONSCRIPT INTEGER OVERFLOW VULNERABILITY

Trust: 0.6

db:NSFOCUSid:16865

Trust: 0.6

db:SEEBUGid:SSVID-20583

Trust: 0.1

db:VULHUBid:VHN-48573

Trust: 0.1

db:PACKETSTORMid:105802

Trust: 0.1

db:ZDIid:ZDI-11-218

Trust: 0.1

db:ZDIid:ZDI-11-219

Trust: 0.1

db:PACKETSTORMid:102309

Trust: 0.1

sources: VULHUB: VHN-48573 // BID: 47961 // JVNDB: JVNDB-2011-001692 // PACKETSTORM: 105802 // PACKETSTORM: 102309 // CNNVD: CNNVD-201105-262 // NVD: CVE-2011-0628

REFERENCES

url:http://www.securityfocus.com/bid/47961

Trust: 2.5

url:http://www.adobe.com/support/security/bulletins/apsb11-12.html

Trust: 2.1

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908

Trust: 2.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13994

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15639

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/67638

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0628

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2011/at110013.txt

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0628

Trust: 0.8

url:http://secunia.com/advisories/43269

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/#topics

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/67638

Trust: 0.6

url:http://www.nsfocus.net/vulndb/16865

Trust: 0.6

url:http://www.adobe.com

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf

Trust: 0.3

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0624

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0622

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0625

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0575

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0558

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0623

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0620

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0560

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0626

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416

Trust: 0.1

url:http://www.adobe.com/support/security/bulletins/apsb11-02.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0574

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0571

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0559

Trust: 0.1

url:https://www.adobe.com/support/security/bulletins/apsb11-21.html

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0579

Trust: 0.1

url:http://www.adobe.com/support/security/bulletins/apsb11-13.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0578

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0611

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0561

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0618

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0589

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0577

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0609

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428

Trust: 0.1

url:http://www.adobe.com/support/security/advisories/apsa11-02.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0619

Trust: 0.1

url:https://www.adobe.com/support/security/bulletins/apsb11-26.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0607

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201110-11.xml

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625

Trust: 0.1

url:http://www.adobe.com/support/security/advisories/apsa11-01.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0608

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/43269/

Trust: 0.1

url:http://conference.first.org/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/43269/#comments

Trust: 0.1

url:http://www.adobe.com/support/security/bulletins/apsb11-16.html

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-11-218/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-11-219/

Trust: 0.1

url:http://secunia.com/secunia_research/2011-41/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43269

Trust: 0.1

sources: VULHUB: VHN-48573 // BID: 47961 // JVNDB: JVNDB-2011-001692 // PACKETSTORM: 105802 // PACKETSTORM: 102309 // CNNVD: CNNVD-201105-262 // NVD: CVE-2011-0628

CREDITS

Vitaliy Toropov through iDefense's Vulnerability Contributor Program

Trust: 0.9

sources: BID: 47961 // CNNVD: CNNVD-201105-262

SOURCES

db:VULHUBid:VHN-48573
db:BIDid:47961
db:JVNDBid:JVNDB-2011-001692
db:PACKETSTORMid:105802
db:PACKETSTORMid:102309
db:CNNVDid:CNNVD-201105-262
db:NVDid:CVE-2011-0628

LAST UPDATE DATE

2024-11-23T20:05:02.267000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-48573date:2018-10-30T00:00:00
db:BIDid:47961date:2013-06-20T09:38:00
db:JVNDBid:JVNDB-2011-001692date:2011-08-04T00:00:00
db:CNNVDid:CNNVD-201105-262date:2011-06-01T00:00:00
db:NVDid:CVE-2011-0628date:2024-11-21T01:24:29.420

SOURCES RELEASE DATE

db:VULHUBid:VHN-48573date:2011-05-31T00:00:00
db:BIDid:47961date:2011-05-24T00:00:00
db:JVNDBid:JVNDB-2011-001692date:2011-06-09T00:00:00
db:PACKETSTORMid:105802date:2011-10-14T06:16:06
db:PACKETSTORMid:102309date:2011-06-16T02:14:44
db:CNNVDid:CNNVD-201105-262date:1900-01-01T00:00:00
db:NVDid:CVE-2011-0628date:2011-05-31T20:55:01.687