#VU44526 Buffer overflow in Adobe AIR - CVE-2011-2456
Published: November 11, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU44526
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-2456
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Adobe AIR
Adobe AIR
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.
Remediation
Install update from vendor's website.
External links
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html
- http://secunia.com/advisories/48819
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://www.adobe.com/support/security/bulletins/apsb11-28.html
- http://www.redhat.com/support/errata/RHSA-2011-1445.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14215
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16046