Lucene search
AnonymousZDI-11-276HistoryAug 23, 2011 - 12:00 a.m.
Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
2011-08-2300:00:00
Anonymous
www.zerodayinitiative.com
32
EPSS
0.948
Percentile
99.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
Related
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player External MP4 Buffer Overflow (APSB11-21; CVE-2011-2140)
2011-08-16 00:00:00
exploitdb
exploitdb
saint
saint
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
packetstorm
packetstorm
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-10 00:00:00
Adobe Flash Player Code Execution
2012-01-31 00:00:00
seebug
seebug
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2014-07-01 00:00:00
metasploit
metasploit
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-21 01:40:50
zdt
zdt
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-10 00:00:00
Adobe Flash Player MP4 SequenceParameterSetNALUnit Code Execution
2012-01-31 00:00:00
exploitpack
exploitpack
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution
2012-01-31 00:00:00
securityvulns
securityvulns
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
2011-08-27 00:00:00
Adobe Flash Player multiple security vulnerabilities
2011-08-27 00:00:00
prion
prion
Memory corruption
2011-08-10 22:55:00
Memory corruption
2011-08-10 22:55:00
Memory corruption
2011-08-10 22:55:00
ubuntucve
ubuntucve
nvd
nvd
cvelist
cvelist
cve
cve
threatpost
threatpost
Sofacy APT28 Gang Using New Backdoors, Zero Days
2015-12-04 07:05:37
nessus
nessus
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7679)
2011-12-13 00:00:00
Adobe AIR < 2.7.1 Multiple Vulnerabilities (APSB11-21)
2011-08-10 00:00:00
suse
suse
remote code execution in flash-player
2011-08-11 15:39:03
flash-player (critical)
2011-08-12 05:08:25
Security update for flash-player (critical)
2011-08-12 04:08:20
openvas
openvas
FreeBSD Ports: linux-flashplugin
2011-09-21 00:00:00
FreeBSD Ports: linux-flashplugin
2011-09-21 00:00:00
Adobe Air and Flash Player Multiple Vulnerabilities - Mac OS X
2011-08-31 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2011-05-13 00:00:00
redhat
redhat
(RHSA-2011:1144) Critical: flash-plugin security update
2011-08-10 00:00:00
(RHSA-2011:1434) Critical: acroread security update
2011-11-08 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-10-13 00:00:00
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00