CVE-2011-2460

2011-11-1116:55:01

CWE-119

adobe

web.nvd.nist.gov

cve-2011-2460

adobe flash player

adobe air

arbitrary code execution

denial of service

memory corruption

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

9.7

Confidence

High

EPSS

0.009

Percentile

82.9%

JSON

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.

Affected configurations

Nvd

Node

adobeflash_playerRange10.0–10.3.183.11

adobeflash_playerRange11.0–11.1.102.55

AND

applemac_os_xMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

sunsolarisMatch-

Node

adobeflash_playerRange11.0–11.1.102.59

AND

googleandroidMatch-

Node

adobeadobe_airRange3.0–3.1.0.4880

VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
applemac_os_x-cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
sunsolaris-cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
adobeadobe_air*cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::
apple	mac_os_x	-	cpe:2.3:o:apple:mac_os_x:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
sun	solaris	-	cpe:2.3:o:sun:solaris:-:::::::*
google	android	-	cpe:2.3:o:google:android:-:::::::*
adobe	adobe_air	*	cpe:2.3:a:adobe:adobe_air::::::::