Main Vulnerability Database Vulnerabilities #VU44958

Input validation error in Shockwave Player - CVE-2011-2120

Published: June 17, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44958

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2011-2120

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
Shockwave Player

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.

How to mitigate CVE-2011-2120

Install update from vendor's website.

Sources

http://www.adobe.com/support/security/bulletins/apsb11-17.html
http://www.us-cert.gov/cas/techalerts/TA11-166A.html

Input validation error in Shockwave Player - CVE-2011-2120

Detailed vulnerability description

How to mitigate CVE-2011-2120

Sources

Please verify you're human