Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2011-0625
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:26.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14077", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "name": "SUSE-SA:2011:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "name": "oval:org.mitre.oval:def:16076", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "oval:org.mitre.oval:def:14077", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "name": "SUSE-SA:2011:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "name": "oval:org.mitre.oval:def:16076", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0625", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14077", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "name": "SUSE-SA:2011:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "name": "oval:org.mitre.oval:def:16076", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-0625", "datePublished": "2011-05-13T22:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:26.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2011-0625\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2011-05-13T22:55:01.517\",\"lastModified\":\"2024-11-21T01:24:29.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \\\"bounds checking\\\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.\"},{\"lang\":\"es\",\"value\":\"Adobe Flash Player antes de v10.3.181.14 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.185.21 en Android, permite a los atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados, asociados a un problema de \\\"comprobaci\u00f3n de l\u00edmites\\\", una vulnerabilidad diferente de CVE- 2011-0623, CVE-2011-0624, y CVE-2011-0626.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.2.159.1\",\"matchCriteriaId\":\"9B99FD14-C6C8-49A5-A21F-7CEB4713CF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7143E94B-F3CD-4E32-A7BB-C72C816EEACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4654752C-F677-4066-8C48-BAD09392A594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDFF4A51-C936-4C5B-8276-FD454C9E4F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5ECC9D7-3386-4FEA-9218-91E31FF90F3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E81EA32-9621-4ACE-9191-2E9B8C24D500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0E10D6-6348-471B-918A-60AAE2AC5F86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7FBE855-7EE3-46F2-9FA1-0366AC8C5D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0E93289-6EE0-401A-958D-F59D2CDAE2F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A67FC00F-0C85-4DD7-81EA-65533EABC767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14E67AD7-0791-4D5D-A3B2-E173088B5228\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF07696-9C85-470E-B608-1B0193CAFB6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0DC1B9D-686D-46A3-B9F4-DD4E078DF74D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BC3ABBA-8B36-448D-883B-C675C202028A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2A52D9-0A1C-4E53-AFA2-148FF03D23A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82D5B56-44E0-4120-B73E-0A1155AF4B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E895107-ED8A-4F88-87C3-935EAE299C01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1752F67C-75A9-4226-AB30-A94EB6C85526\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4007D621-A0BC-4927-82A7-10D73802BCF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641776AE-5408-439E-8290-DD9324771874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"138A932A-D775-46A2-86EC-3C03C96884C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12E3957-D7B2-4F3B-BB64-8B50B8958DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C5537E-3153-400D-9F9B-91E7F1218C8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32912721-F750-4C20-B999-E728F7D3A85D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6693B1C4-B2A9-4725-AD0E-A266B9DF55AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A95FA639-346C-491C-81A8-6C2A7B01AA19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC7DD938-F963-4E03-B66B-F00436E4EA9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351825F4-227D-4743-A74B-EAFC1034500B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A0777F-22C2-4FD5-BE81-8982BE6874D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"600DDA9D-6440-48D1-8539-7127398A8678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934A869D-D58D-4C36-B86E-013F62790585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFA6611-99DA-48B0-89F7-DD99B8E30334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AF804B-BD7A-4AD7-AD44-B5D980443B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5D52F86-2E38-4C66-9939-7603367B8D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0557AA2A-FA3A-460A-8F03-DC74B149CA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC04ABF-6191-4AA5-90B2-E7A97E6C6005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22F1B02-CCF5-4770-A79B-1F58CA4321CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93957171-F1F4-43ED-A8B9-2D36C81EB1F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE89894-E492-4380-8A2B-4CDD3A15667A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6ED706-BAF2-4795-B597-6F7EE8CA8911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260E2CF6-4D15-4168-A933-3EC52D8F93FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50BF190-2629-49A8-A377-4723C93FFB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E59E2AD-38BB-46DF-AC0D-D36F1F259AD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD04F04C-30CE-4A8D-B254-B10DEF62CEEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96DC7742-499D-4BF5-9C5B-FCFF912A9892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDD0A103-6D00-4D3D-9570-2DF74B6FE294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33AC4365-576C-487A-89C5-197A26D416C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84B367AC-E1E1-4BC5-8BF4-D5B517C0CA7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0A9C054-1F82-41DD-BE13-2B71B6F87F22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB0781E-D5B5-4576-ABD4-0EE1C0C3DF12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE15288-9344-41ED-B574-6DC4A4DDE386\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84963C1D-06C1-4FBF-A3B8-EB14D2EB43DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE848097-01E6-4C9B-9593-282D55CC77D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E4028B-72E7-4E4A-AD0F-645F5AACAA29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63313ADA-3C52-47C8-9745-6BF6AEF0F6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA646396-7C10-45A0-89A9-C75C5D8AFB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"476BB487-150A-4482-8C84-E6A2995A97E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3555324F-40F8-4BF4-BE5F-52A1E22B3AFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60540FDE-8C31-4679-A85E-614B1EFE1FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE652520-B693-47F1-A342-621C149A7430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0EC3272-8E1E-4415-A254-BB6C7FB49BEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF5AF16-A4F2-4E65-ADA8-DE11BE1F198D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7DF88E7-1A67-447C-BCF8-5C5564002207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"460A0D6C-3A06-4910-B1E5-375E12F64F6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"950D8316-8117-4C09-A2A9-B34191957D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5484DE8-3CB1-4591-BF30-0D5E255034E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02EBACEB-1266-4A2C-A47E-066D12EE5B96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA86C5B3-1FC9-4585-9566-862A0318AF2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC09395-A9C7-4D7F-9B55-3120A84CB427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2A6BBE-6033-4EF2-B890-9BD8867CC65A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3ACD1B2-F952-46C8-989A-C4744E16D5E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E91594E8-5320-4B6A-A4D8-17BBF211A96E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"110ED819-CFFD-4DA6-BE13-08CDEFD17ADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3FD4968-B784-40D5-A09C-51F303A4C8C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8314735-FF59-48CF-898B-95967B2856DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F52F734-0C14-4FE6-82C7-038C28383A12\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155AD4FB-E527-4103-BCEF-801B653DEA37\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05924C67-F9A0-450E-A5B8-059651DD32E3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.2.157.51\",\"matchCriteriaId\":\"618C6D69-361C-44CC-92EE-088015A8346F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02EBACEB-1266-4A2C-A47E-066D12EE5B96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA86C5B3-1FC9-4585-9566-862A0318AF2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2A6BBE-6033-4EF2-B890-9BD8867CC65A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33B7290A-8A7E-496D-95C4-DADA2821859B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05D97485-2C56-4B63-B105-BDB44E853210\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E007346-F45A-456F-BD0A-F3110A5854FD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8255F035-04C8-4158-B301-82101711939C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb11-12.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb11-12.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2011_0511
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated Adobe Flash Player package that fixes multiple security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB11-12, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2011-0618,\nCVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623,\nCVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627)\n\nThis update also fixes an information disclosure flaw in flash-plugin.\n(CVE-2011-0579)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.3.181.14.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2011:0511", "url": "https://access.redhat.com/errata/RHSA-2011:0511" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "category": "external", "summary": "704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0511.json" } ], "title": "Red Hat Security Advisory: flash-plugin security update", "tracking": { "current_release_date": "2024-11-14T11:29:00+00:00", "generator": { "date": "2024-11-14T11:29:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2011:0511", "initial_release_date": "2011-05-13T09:05:00+00:00", "revision_history": [ { "date": "2011-05-13T09:05:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2011-05-13T05:06:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T11:29:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "flash-plugin-0:10.3.181.14-1.el5.i386", "product": { "name": "flash-plugin-0:10.3.181.14-1.el5.i386", "product_id": "flash-plugin-0:10.3.181.14-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/flash-plugin@10.3.181.14-1.el5?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "flash-plugin-0:10.3.181.14-1.el6.i686", "product": { "name": "flash-plugin-0:10.3.181.14-1.el6.i686", "product_id": "flash-plugin-0:10.3.181.14-1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/flash-plugin@10.3.181.14-1.el6?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:10.3.181.14-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386" }, "product_reference": "flash-plugin-0:10.3.181.14-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:10.3.181.14-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386" }, "product_reference": "flash-plugin-0:10.3.181.14-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:10.3.181.14-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" }, "product_reference": "flash-plugin-0:10.3.181.14-1.el6.i686", "relates_to_product_reference": "6Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:10.3.181.14-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" }, "product_reference": "flash-plugin-0:10.3.181.14-1.el6.i686", "relates_to_product_reference": "6Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:10.3.181.14-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" }, "product_reference": "flash-plugin-0:10.3.181.14-1.el6.i686", "relates_to_product_reference": "6Workstation-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-0579", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0579" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0579", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0579" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0579", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0579" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0618", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0618" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0618", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0618" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0618", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0618" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0619", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0619" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0619", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0619" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0619", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0619" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0620", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0620" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0620", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0620" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0620", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0620" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0621", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0621" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0621", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0621" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0621", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0621" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0622", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0622" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0622", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0622" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0622", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0622" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0623", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0623" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0623", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0623" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0623", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0623" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0624", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0624" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0624", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0624" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0625", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0625" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0625", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0625" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0625", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0625" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0626", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0626" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0626", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0626" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0626", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0626" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0627", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0627" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0627", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0627" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0627", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0627" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" }, { "cve": "CVE-2011-0628", "discovery_date": "2011-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "704368" } ], "notes": [ { "category": "description", "text": "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0628" }, { "category": "external", "summary": "RHBZ#704368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0628", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0628" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0628", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0628" } ], "release_date": "2011-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-05-13T09:05:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0511" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "5Server-Supplementary:flash-plugin-0:10.3.181.14-1.el5.i386", "6Client-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Server-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686", "6Workstation-Supplementary:flash-plugin-0:10.3.181.14-1.el6.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: crash and potential arbitrary code execution (APSB11-12)" } ] }
gsd-2011-0625
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2011-0625", "description": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.", "id": "GSD-2011-0625", "references": [ "https://www.suse.com/security/cve/CVE-2011-0625.html", "https://access.redhat.com/errata/RHSA-2011:0511" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2011-0625" ], "details": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.", "id": "GSD-2011-0625", "modified": "2023-12-13T01:19:04.471263Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0625", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14077", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "name": "SUSE-SA:2011:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "name": "oval:org.mitre.oval:def:16076", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.159.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2.157.51", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0625" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "name": "SUSE-SA:2011:025", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "name": "oval:org.mitre.oval:def:16076", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076" }, { "name": "oval:org.mitre.oval:def:14077", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true } }, "lastModifiedDate": "2018-10-30T16:26Z", "publishedDate": "2011-05-13T22:55Z" } } }
var-201105-0016
Vulnerability from variot
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626. Adobe Flash Player Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0623 , CVE-2011-0624 and CVE-2011-0626 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA44590
SOLUTION: Updated packages are available via Red Hat Network.
For more information: SA44590
2) An error within WebKit glue may result in an incorrect type cast.
3) Multiple integer overflow errors exist within the handling of SVG filters.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43269
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
RELEASE DATE: 2011-06-16
DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43269/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43269
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow.
3) An unspecified error can be exploited to cause a heap-based buffer overflow.
4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
5) An unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to corrupt memory.
7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.
9) An unspecified error can be exploited to bypass certain security restrictions.
This vulnerability affects Adobe Reader and Acrobat X 10.x only.
10) An unspecified error can be exploited to corrupt memory.
This vulnerability affects 8.x versions only.
11) An unspecified error can be exploited to corrupt memory.
12) An unspecified error can be exploited to corrupt memory.
13) An unspecified error can be exploited to corrupt memory.
For more information: SA44590 SA44846
The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research.
The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico.
ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html
Secunia Research: http://secunia.com/secunia_research/2011-41/
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0016", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.25" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.105.6" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.156.12" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.95.2" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.2.154.13" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.92.10" }, { "model": "flash player", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.1.106.16" }, { "model": "flash player", "scope": "lte", "trust": 1.8, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash player", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.1.92.8" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.246.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.15.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.53.64" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.115.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.31.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.124.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.95.1" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.152.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.47.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.45.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.42.34" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.2.152.33" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.48.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.22.87" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.85.3" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.28.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.260.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.82.76" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.32.18" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.277.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.159.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0.12.36" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.0.151.0" }, { "model": "flash player", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.1.102.64" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.33.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.21.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.15" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.45.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.61.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.34.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.2" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.16" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.22.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.2.152.32" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.60.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.262.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.25" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.79" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.53.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.20.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.35.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.155.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.12.10" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.14.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.66.0" }, { "model": "flash player", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.1.52.14.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.112.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.114.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.19.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.18d60" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0.0.584" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.24.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.63" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.125.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.73.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.28" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.67.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.39.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.31" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0.283.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.68.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.70.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0.42.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.69.0" }, { "model": "flash player", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.157.51" }, { "model": "flash player", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "10.2.159.1" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "cs4 professional" }, { "model": "flash", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "professional cs5" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.154.28 for chrome users" }, { "model": "flash player", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "10.2.157.51 for android" }, { "model": "flex", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "rhel supplementary long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6 (server)" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3218" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.12.35" }, { "model": "freeflow print server 73.b0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.289.0" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.152.21" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.185.21" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "in motion blackberry playbook tablet software", "scope": "ne", "trust": 0.3, "vendor": "research", "version": "1.0.6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.280" }, { "model": "freeflow print server 73.a3.31", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "in motion blackberry playbook tablet software", "scope": "eq", "trust": 0.3, "vendor": "research", "version": "1.0.5.2342" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "flash cs4 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "flash player", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.3.181.14" }, { "model": "flash cs5 professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "0" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.262" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.24" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.51.66" }, { "model": "flash player release candida", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.27" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.18" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.154.28" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.2.153.1" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.0.2460" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.452" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "flash player", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.102.65" } ], "sources": [ { "db": "BID", "id": "47813" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "CNNVD", "id": "CNNVD-201105-178" }, { "db": "NVD", "id": "CVE-2011-0625" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:flash", "vulnerable": true }, { "cpe22Uri": "cpe:/a:adobe:flash_player", "vulnerable": true }, { "cpe22Uri": "cpe:/a:adobe:flex", "vulnerable": true }, { "cpe22Uri": "cpe:/o:oracle:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary_long_life", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001651" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 0.4 }, "cve": "CVE-2011-0625", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2011-0625", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48570", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-0625", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-0625", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201105-178", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48570", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "CNNVD", "id": "CNNVD-201105-178" }, { "db": "NVD", "id": "CVE-2011-0625" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626. Adobe Flash Player Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0623 , CVE-2011-0624 and CVE-2011-0626 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA44590\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\nFor more information:\nSA44590\n\n2) An error within WebKit glue may result in an incorrect type cast. \n\n3) Multiple integer overflow errors exist within the handling of SVG\nfilters. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43269\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43269/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nRELEASE DATE:\n2011-06-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43269/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43269/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious people to conduct\ncross-site scripting attacks, disclose potentially sensitive\ninformation, bypass certain security restrictions, and compromise a\nuser\u0027s system. \n\n1) An error in 3difr.x3d due to the component trusting the provided\nstring length when processing certain files can be exploited to cause\na stack-based buffer overflow. \n\n2) An error in tesselate.x3d due to the component trusting the\nprovided string length when processing certain files can be exploited\nto cause a stack-based buffer overflow. \n\n3) An unspecified error can be exploited to cause a heap-based buffer\noverflow. \n\n4) An integer overflow error in ACE.dll when parsing the \"desc\" ICC\nchunk can be exploited to corrupt memory via a specially crafted PDF\nfile. \n\n5) An unspecified error can be exploited to corrupt memory. \n\n6) An unspecified error can be exploited to corrupt memory. \n\n7) An error due to the application loading certain unspecified\nlibraries in an insecure manner can be exploited to load arbitrary\nlibraries by tricking a user into e.g. opening a file located on a\nremote WebDAV or SMB share. \n\n9) An unspecified error can be exploited to bypass certain security\nrestrictions. \n\nThis vulnerability affects Adobe Reader and Acrobat X 10.x only. \n\n10) An unspecified error can be exploited to corrupt memory. \n\nThis vulnerability affects 8.x versions only. \n\n11) An unspecified error can be exploited to corrupt memory. \n\n12) An unspecified error can be exploited to corrupt memory. \n\n13) An unspecified error can be exploited to corrupt memory. \n\nFor more information:\nSA44590\nSA44846\n\nThe vulnerabilities are reported in the following products:\n* Adobe Reader X (10.0.1) and earlier for Windows. \n* Adobe Reader X (10.0.3) and earlier for Macintosh. \n* Adobe Reader 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Reader 8.2.6 and earlier for Windows and Macintosh. \n* Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. \n* Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. \n* Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) An anonymous person via ZDI. \n4) Secunia Research. \n\nThe vendor also credits:\n3, 6) Tarjei Mandt, Norman. \n5) Rodrigo Rubira Branco. \n7) Mila Parkour. \n8) Billy Rios, Google Security Team. \n9) Christian Navarrete, CubilFelino Security Research Lab. \n10) Tavis Ormandy, Google Security Team. \n11) Brett Gervasoni, Sense of Security. \n12) Will Dormann, CERT/CC. \n13) James Quirk, Los Alamos, New Mexico. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-16):\nhttp://www.adobe.com/support/security/bulletins/apsb11-16.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2011-41/\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-218/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-219/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0625" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "BID", "id": "47813" }, { "db": "VULHUB", "id": "VHN-48570" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0625", "trust": 3.0 }, { "db": "BID", "id": "47813", "trust": 1.2 }, { "db": "SECUNIA", "id": "43269", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001651", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201105-178", "trust": 0.7 }, { "db": "SECUNIA", "id": "44568", "trust": 0.7 }, { "db": "SECUNIA", "id": "44591", "trust": 0.7 }, { "db": "SECUNIA", "id": "44590", "trust": 0.7 }, { "db": "NSFOCUS", "id": "16830", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-48570", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-218", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101414", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "BID", "id": "47813" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "CNNVD", "id": "CNNVD-201105-178" }, { "db": "NVD", "id": "CVE-2011-0625" } ] }, "id": "VAR-201105-0016", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48570" } ], "trust": 0.6574074 }, "last_update_date": "2024-11-23T20:19:15.117000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "title": "cpsid_90300", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/903/cpsid_90300.html" }, { "title": "APSB11-12", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-12.html" }, { "title": "RHSA-2011:0511", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0511.html" }, { "title": "Multiple vulnerabilities in Adobe Flashplayer", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001651" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "NVD", "id": "CVE-2011-0625" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14077" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16076" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0625" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110513-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110013.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0625" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43269" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/47813" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44590" }, { "trust": 0.6, "url": "http://secunia.com/advisories/44591" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16830" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.4, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.4, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.4, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer" }, { "trust": 0.3, "url": "http://www.blackberry.com/btsc/kb27365" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_xrx11-003_v1.0.pdf" }, { "trust": 0.3, "url": "http://twitter.com/secunia" }, { "trust": 0.3, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.3, "url": "http://www.facebook.com/secunia" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44568" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44568/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0511.html" }, { "trust": 0.1, "url": "http://feeds.feedburner.com/googlechromereleases" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44591/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/" }, { "trust": 0.1, "url": "http://conference.first.org/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43269/#comments" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-218/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-219/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/2011-41/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43269" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/44590/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44590" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "BID", "id": "47813" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "CNNVD", "id": "CNNVD-201105-178" }, { "db": "NVD", "id": "CVE-2011-0625" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48570" }, { "db": "BID", "id": "47813" }, { "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "101403" }, { "db": "PACKETSTORM", "id": "101417" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "102309" }, { "db": "PACKETSTORM", "id": "101414" }, { "db": "CNNVD", "id": "CNNVD-201105-178" }, { "db": "NVD", "id": "CVE-2011-0625" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-05-13T00:00:00", "db": "VULHUB", "id": "VHN-48570" }, { "date": "2011-05-12T00:00:00", "db": "BID", "id": "47813" }, { "date": "2011-05-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-05-13T05:29:19", "db": "PACKETSTORM", "id": "101403" }, { "date": "2011-05-15T11:28:00", "db": "PACKETSTORM", "id": "101417" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-06-16T02:14:44", "db": "PACKETSTORM", "id": "102309" }, { "date": "2011-05-15T11:27:52", "db": "PACKETSTORM", "id": "101414" }, { "date": "2011-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-178" }, { "date": "2011-05-13T22:55:01.517000", "db": "NVD", "id": "CVE-2011-0625" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48570" }, { "date": "2013-06-20T09:39:00", "db": "BID", "id": "47813" }, { "date": "2011-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001651" }, { "date": "2011-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201105-178" }, { "date": "2024-11-21T01:24:29.020000", "db": "NVD", "id": "CVE-2011-0625" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "CNNVD", "id": "CNNVD-201105-178" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash Player Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001651" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201105-178" } ], "trust": 0.6 } }
ghsa-jj7j-74q9-j59j
Vulnerability from github
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.
{ "affected": [], "aliases": [ "CVE-2011-0625" ], "database_specific": { "cwe_ids": [ "CWE-20" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2011-05-13T22:55:00Z", "severity": "HIGH" }, "details": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.", "id": "GHSA-jj7j-74q9-j59j", "modified": "2022-05-14T02:15:17Z", "published": "2022-05-14T02:15:17Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0625" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "type": "WEB", "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" } ], "schema_version": "1.4.0", "severity": [] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.