PT-2011-22: Buffer overflow in Adobe Flash Player

Vulnerable software

Adobe Flash Player
Version: 10.3.181.36 and earlier(Windows, Mac OS X, Linux, Solaris); 10.3.185.25 and earlier (Android)

Adobe AIR
Version: 2.7 and earlier (Windows, Mac OS X, Android)

Application link:
<http://www.adobe.com/&gt;

Severity level

Severity level: High
Impact: Arbitrary Code Execution
Access Vector: Network exploitable

CVSS v2:
Base Score: 10
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE: CVE-2011-2137

Software description

Adobe Flash Player is an application meant for playing flash content.

Vulnerability description

The specialists of the Positive Research center have revealed a buffer overflow vulnerability in Adobe Flash Player.

The vulnerability allows remote attackers to execute arbitrary code.

How to fix

Update your software up to the latest version

Advisory status

28.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
09.08.2011 - Vendor releases fixed version and details
28.03.2012 - Public disclosure

Credits

The vulnerability was discovered by Alexander Zaitsev, Positive Research Center (Positive Technologies Company)

References

<http://en.securitylab.ru/lab/PT-2011-22&gt;
<http://www.adobe.com/support/security/bulletins/apsb11-21.html&gt;

Reports on the vulnerabilities previously discovered by Positive Research:

<http://ptsecurity.com/research/advisory/&gt;
<http://en.securitylab.ru/lab/&gt;