Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:7BD1D5EB666C5472B7CB148F0E70C000
HistoryFeb 09, 2012 - 12:00 a.m.

Adobe Flash Player MP4 Sequence Parameter Set Processing

2012-02-0900:00:00
SAINT Corporation
download.saintcorporation.com
15

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.928 High

EPSS

Percentile

99.0%

JSON

Added: 02/09/2012
CVE: CVE-2011-2140
BID: 49083
OSVDB: 74439

Background

Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.

Problem

The Adobe Flash Player **Sub_1005B396** function allows command execution when a user opens a specially crafted .swf file. The specific vulnerability is triggered when processing data units in the MP4 Sequence Parameter Set.

Resolution

Upgrade the installed version of Adobe Flash Player as described in Adobe Security Bulletin APSB11-21.

References

<http://www.adobe.com/support/security/bulletins/apsb11-21.html&gt;
<http://www.abysssec.com/blog/2012/01/31/exploiting-cve-2011-2140-another-flash-player-vulnerability/&gt;

Limitations

This exploit was tested against Adobe Systems Flash Player 10.3.181.34 on Microsoft Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The target host must have JRE 1.6.x installed.

The user must open the exploit page using Internet Explorer 7, 8, or 9.

Platforms

Windows

Related

saint 3
seebug 2
packetstorm 2
checkpoint_advisories 1
securityvulns 2
zdi 1
metasploit 1
exploitpack 1
exploitdb 2
ubuntucve 4
cve 4
nvd 4
cvelist 4
prion 4
threatpost 1
freebsd 1
nessus 17
suse 3
openvas 12
redhat 2
gentoo 2
saint
saint
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
seebug
seebug
Adobe Flash Player MP4 SequenceParameterSetNALUnit Remote Code Execution Exploit
2012-02-01 00:00:00
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2014-07-01 00:00:00
packetstorm
packetstorm
Adobe Flash Player Code Execution
2012-01-31 00:00:00
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player External MP4 Buffer Overflow (APSB11-21; CVE-2011-2140)
2011-08-16 00:00:00
securityvulns
securityvulns
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
2011-08-27 00:00:00
Adobe Flash Player multiple security vulnerabilities
2011-08-27 00:00:00
zdi
zdi
Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
2011-08-23 00:00:00
metasploit
metasploit
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-21 01:40:50
exploitpack
exploitpack
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution
2012-01-31 00:00:00
exploitdb
exploitdb
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Buffer Overflow (Metasploit)
2012-02-10 00:00:00
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution
2012-01-31 00:00:00
ubuntucve
ubuntucve
CVE-2011-2135
2011-08-10 00:00:00
CVE-2011-2140
2011-08-10 00:00:00
CVE-2011-2417
2011-08-10 00:00:00
cve
cve
CVE-2011-2425
2011-08-10 22:55:01
CVE-2011-2135
2011-08-10 22:55:00
CVE-2011-2140
2011-08-10 22:55:00
nvd
nvd
CVE-2011-2417
2011-08-10 22:55:01
CVE-2011-2135
2011-08-10 22:55:00
CVE-2011-2425
2011-08-10 22:55:01
cvelist
cvelist
CVE-2011-2140
2011-08-10 22:00:00
CVE-2011-2425
2011-08-10 22:00:00
CVE-2011-2135
2011-08-10 22:00:00
prion
prion
Memory corruption
2011-08-10 22:55:00
Memory corruption
2011-08-10 22:55:00
Memory corruption
2011-08-10 22:55:00
threatpost
threatpost
Sofacy APT28 Gang Using New Backdoors, Zero Days
2015-12-04 07:05:37
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2011-05-13 00:00:00
nessus
nessus
SuSE 11.1 Security Update : flash-player (SAT Patch Number 4973)
2011-08-12 00:00:00
openSUSE Security Update : flash-player (openSUSE-SU-2011:0897-1)
2014-06-13 00:00:00
openSUSE Security Update : flash-player (openSUSE-SU-2011:0897-1)
2014-06-13 00:00:00
suse
suse
Security update for flash-player (critical)
2011-08-12 04:08:20
remote code execution in flash-player
2011-08-11 15:39:03
flash-player (critical)
2011-08-12 05:08:25
openvas
openvas
FreeBSD Ports: linux-flashplugin
2011-09-21 00:00:00
Adobe Air and Flash Player Multiple Vulnerabilities (Aug 2011) - Windows
2011-08-31 00:00:00
Adobe Flash Player Multiple Vulnerabilities (Aug 2011) - Linux
2011-08-31 00:00:00
redhat
redhat
(RHSA-2011:1144) Critical: flash-plugin security update
2011-08-10 00:00:00
(RHSA-2011:1434) Critical: acroread security update
2011-11-08 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-10-13 00:00:00
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.928 High

EPSS

Percentile

99.0%

JSON
Related for SAINT:7BD1D5EB666C5472B7CB148F0E70C000
saint3seebug2packetstorm2checkpoint_advisories1securityvulns2zdi1metasploit1exploitpack1exploitdb2ubuntucve4cve4nvd4cvelist4prion4threatpost1freebsd1nessus17suse3openvas12redhat2gentoo2