Info

Disclosure

Jun 15, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 14, 2011

Description

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize user-supplied input when an unspecified error occurs resulting in memory corruption. This may allow an attacker to execute arbitrary code. No further details have been provided.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Commercial
Disclosure: Vendor Verified, Discovered in the Wild

Solution

Upgrade to version Adobe Flash Player 10.3.181.26 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. For Google Chrome, upgrade to 12.0.742.100.

Products

Research In Motion Limited

BlackBerry Tablet OS

1.0.5.2342

References

Security Tracker: 1025651
OVAL ID: 14091
CVE ID: 2011-2110 (see also: NVD)
Secunia Advisory ID: 44924 44941 44950 44964 45004 46322 46682 48308
Bugtraq ID: 48268
ISS X-Force ID: 68029
Vendor Specific Advisory URL: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer1
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer2
http://www.adobe.com/support/security/bulletins/apsb11-18.html
http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_XRX12-002_v1.1.pdf
https://hermes.opensuse.org/messages/8782873
Vendor Specific News/Changelog Entry: http://googlechromereleases.blogspot.com/2011/06/stable-beta-channel-updates.html
http://www.gentoo.org/security/en/glsa/glsa-201110-11.xml
News Article: http://infosecmedia.org/hackers-exploiting-latest-adobe-flash-bug-on-large-scale/
http://www.darknet.org.uk/2011/06/hackers-exploiting-latest-adobe-flash-bug-on-large-scale/
Mail List Post: http://seclists.org/fulldisclosure/2011/Oct/593
Other Advisory URL: http://www.blackberry.com/btsc/KB27365
RedHat RHSA: RHSA-2011:0869
CERT: TA11-166A

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/73007