Buffer overflow in Adobe AIR - CVE-2011-2456
Published: November 11, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU44526
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-2456
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe AIR
Adobe AIR
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.
How to mitigate CVE-2011-2456
Install update from vendor's website.
Sources
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html
- http://secunia.com/advisories/48819
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://www.adobe.com/support/security/bulletins/apsb11-28.html
- http://www.redhat.com/support/errata/RHSA-2011-1445.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14215
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16046