Main Vulnerability Database Vulnerabilities #VU44956

Input validation error in Shockwave Player - CVE-2011-2118

Published: June 17, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44956

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2011-2118

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
Shockwave Player

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability."

How to mitigate CVE-2011-2118

Install update from vendor's website.

Sources

http://www.adobe.com/support/security/bulletins/apsb11-17.html
http://www.us-cert.gov/cas/techalerts/TA11-166A.html

Input validation error in Shockwave Player - CVE-2011-2118

Detailed vulnerability description

How to mitigate CVE-2011-2118

Sources

Please verify you're human