Internet threat level: 1
Home→Descriptions→SA45583
Adobe Flash Player Multiple Vulnerabilities
| Secunia ID | |
| CVE-ID |
CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425 |
| Release Date |
10 Aug 2011 |
| Last Change |
17 Feb 2012 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Adobe AIR 2.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Exposure of sensitive informationVulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote. |
| Description |
Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 3) An error exists within a certain ActionScript function in the "flash.display" class when parsing certain parameters and can be exploited to corrupt memory and potentially execute arbitrary code. 4) An integer overflow error within a certain ActionScript function can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 6) An integer overflow error when handling the "scroll" method of the ActionScript Bitmap class can be exploited to corrupt memory. 7) An unspecified error can be exploited to disclose certain information from another domain. 8) A boundary error when processing the H.264/AVC Decoder Configuration record can be exploited to cause a stack-based buffer overflow via a specially crafted Sequence Parameter Set NAL unit. 9) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 10) An error within the "Setslot()" method when parsing a certain field from an SWF file can be exploited to cause a buffer overflow and potentially execute arbitrary code. 11) An integer overflow error within a certain ActionScript function can be exploited to corrupt memory and potentially execute arbitrary code. 12) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 13) An error within the "Bitmapdata" class when parsing a certain field from an SWF file can be exploited to corrupt memory and potentially execute arbitrary code. 14) 80 unspecified errors of various types when parsing SWF file content may be exploited to corrupt memory. The vulnerabilities are reported in the following products: |
| Solution |
Update to a fixed version. Adobe Flash Player Windows, Macintosh, Linux and Solaris: Adobe Flash Player for Android: Adobe AIR for Windows and Macintosh: AIR for Android: |
| Reported by |
1) Reported by the vendor The vendor credits: |
| Original Advisory |
Adobe (APSB11-21): iDefense: FortiGuard Labs: Google: ZDI: |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.