Buffer overflow in Adobe AIR - CVE-2011-2450
Published: November 11, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU44520
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-2450
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe AIR
Adobe AIR
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
How to mitigate CVE-2011-2450
Install update from vendor's website.
Sources
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html
- http://secunia.com/advisories/48819
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://www.adobe.com/support/security/bulletins/apsb11-28.html
- http://www.redhat.com/support/errata/RHSA-2011-1445.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14507
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16217