Adobe Flash Player contains an object type confusion flaw in the ActionScript Virtual Machine 2 (AVM2). The issue is triggered when a Date class is extended by adding a custom function obtained via SharedObject.prototype.getSize. With a specially crafted SWF file, a context-dependent attacker can execute arbitrary code.

Upgrade Adobe Flash Player to 10.2.159.1 or higher (10.2.154.27 or higher for Chrome) and Adobe AIR to 2.6.19140 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1025324 1025325
• OVAL ID: 14175
• Exploit Database: 17175
• CVE ID: 2011-0611 (see also: NVD)
• CERT VU: 230057
• Secunia Advisory ID: 44119 44141 44149 44243 44244 45607 46322 49035
• Bugtraq ID: 47314
• ISS X-Force ID: 66681
• Metasploit ID: 71686
• VUPEN Advisory: ADV-2011-0922 [ Link is 404 ] ADV-2011-0923 [ Link is 404 ] ADV-2011-0924 [ Link is 404 ]
• Vendor Specific Advisory URL: http://blogs.oracle.com/sunsecurity/entry/cve_2011_0611_vulnerability_in
  http://www.adobe.com/support/security/advisories/apsa11-02.html
  http://www.adobe.com/support/security/bulletins/apsb11-07.html
  https://hermes.opensuse.org/messages/8138626
• Other Advisory URL: http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx
  http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html
  http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
  http://secunia.com/blog/210
  http://securityreason.com/securityalert/8204
  http://securityreason.com/securityalert/8292
  http://www.virustotal.com/file-scan/report.html?id=0c511a37bbf51cf73aee4caae34bc02e3144e49997dd36acf25b15f5dedc4b5e-1302634079
  http://www.virustotal.com/file-scan/report.html?id=1e677420d7a8160c92b2f44f1ef5eea1cf9b0b1a25353db7d3142b268893507f-1302359653
  http://www.virustotal.com/file-scan/report.html?id=1e677420d7a8160c92b2f44f1ef5eea1cf9b0b1a25353db7d3142b268893507f-1302632079
  http://www.virustotal.com/file-scan/report.html?id=33bde70edc19cddc5ba56066901f30934cb54e5f2c0dbf3bbf81f3e7307b95dc-130263929
  http://www.virustotal.com/file-scan/report.html?id=6e144e5c531a08e58dc5d5f7a7e3c59a036a41bb40a2fa6a45512eb8a5826ca5-1302924963
  http://www.virustotal.com/file-scan/report.html?id=eac1778b733895fea6f1fb5bccc761687315941325b9cf36fd386e81ca012ac0-1302923420
• Vendor Specific News/Changelog Entry: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
  http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html
  http://www.gentoo.org/security/en/glsa/glsa-201110-11.xml
• Mail List Post: http://seclists.org/fulldisclosure/2011/Oct/593
• News Article: http://www.scmagazineus.com/adobe-battles-yet-another-flash-player-zero-day-bug/article/200502/
  http://www.theregister.co.uk/2011/04/12/attacks_exploit_adobe_flash/
  http://www.theregister.co.uk/2011/04/19/amnesty_drive_by_cache/
  http://www.thetechherald.com/article.php/201115/7053/Adobe-Flash-Zero-Day-actively-exploited
• RedHat RHSA: RHSA-2011:0451

• Not Available