Adobe Flash Player CVE-2011-2459 Remote Memory Corruption Vulnerability
BID:50620
Info
Adobe Flash Player CVE-2011-2459 Remote Memory Corruption Vulnerability
| Bugtraq ID: | 50620 |
| Class: | Unknown |
| CVE: |
CVE-2011-2459 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 09 2011 12:00AM |
| Updated: | Mar 19 2015 08:31AM |
| Credit: | An anonymous reporter through iDefense. |
| Vulnerable: |
SuSE Suse Linux Enterprise Desktop 11 SP1 SuSE Suse Linux Enterprise Desktop 10 SP4 Sun Solaris 11 Sun Solaris 10_x86 Sun Solaris 10_sparc S.u.S.E. openSUSE 11.4 S.u.S.E. openSUSE 11.3 Redhat Enterprise Linux Workstation Supplementary 6 Redhat Enterprise Linux Supplementary 5 server Redhat Enterprise Linux Server Supplementary 6 Redhat Enterprise Linux Desktop Supplementary 6 Redhat Enterprise Linux Desktop Supplementary 5 client HP Systems Insight Manager 6.3 HP Systems Insight Manager 6.2 HP Systems Insight Manager 6.1 HP Systems Insight Manager 6.0.0.96 HP Systems Insight Manager 6.0 HP Systems Insight Manager 5.3 Update 1 HP Systems Insight Manager 5.3 HP Systems Insight Manager 5.2 SP2 HP Systems Insight Manager 5.1 SP1 HP Systems Insight Manager 5.0 SP6 HP Systems Insight Manager 5.0 SP5 HP Systems Insight Manager 5.0 SP3 HP Systems Insight Manager 5.0 SP2 HP Systems Insight Manager 5.0 SP1 HP Systems Insight Manager 5.0 HP Systems Insight Manager 4.2 SP2 HP Systems Insight Manager 4.2 SP1 HP Systems Insight Manager 4.2 Gentoo Linux Adobe Flash Player for Android 11.0.1.153 Adobe Flash Player 10.1.53 .64 Adobe Flash Player 10.1.51 .66 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.32 18 Adobe Flash Player 10.0.22 .87 Adobe Flash Player 10.0.15 .3 Adobe Flash Player 10.0.12 .36 Adobe Flash Player 10.0.12 .35 Adobe Flash Player 9.0.262 Adobe Flash Player 9.0.246 0 Adobe Flash Player 9.0.152 .0 Adobe Flash Player 9.0.151 .0 Adobe Flash Player 9.0.124 .0 Adobe Flash Player 9.0.48.0 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.289.0 Adobe Flash Player 9.0.283.0 Adobe Flash Player 9.0.280 Adobe Flash Player 9.0.28.0 Adobe Flash Player 9.0.277.0 Adobe Flash Player 9.0.262.0 Adobe Flash Player 9.0.260.0 Adobe Flash Player 9.0.246.0 Adobe Flash Player 9.0.159.0 Adobe Flash Player 9.0.155.0 Adobe Flash Player 9.0.115.0 Adobe Flash Player 9 Adobe Flash Player 11.0.1.152 Adobe Flash Player 10.3.186.7 Adobe Flash Player 10.3.186.6 Adobe Flash Player 10.3.186.3 Adobe Flash Player 10.3.186.2 Adobe Flash Player 10.3.185.25 Adobe Flash Player 10.3.185.23 Adobe Flash Player 10.3.185.22 Adobe Flash Player 10.3.185.21 Adobe Flash Player 10.3.183.7 Adobe Flash Player 10.3.183.5 Adobe Flash Player 10.3.183.4 Adobe Flash Player 10.3.183.10 Adobe Flash Player 10.3.181.34 Adobe Flash Player 10.3.181.26 Adobe Flash Player 10.3.181.23 Adobe Flash Player 10.3.181.22 Adobe Flash Player 10.3.181.16 Adobe Flash Player 10.3.181.14 Adobe Flash Player 10.2.159.1 Adobe Flash Player 10.2.157.51 Adobe Flash Player 10.2.156.12 Adobe Flash Player 10.2.154.28 Adobe Flash Player 10.2.154.27 Adobe Flash Player 10.2.154.25 Adobe Flash Player 10.2.154.24 Adobe Flash Player 10.2.154.18 Adobe Flash Player 10.2.154.13 Adobe Flash Player 10.2.153.1 Adobe Flash Player 10.2.152.33 Adobe Flash Player 10.2.152.32 Adobe Flash Player 10.2.152.21 Adobe Flash Player 10.2.152 Adobe Flash Player 10.1.95.2 Adobe Flash Player 10.1.95.1 Adobe Flash Player 10.1.92.8 Adobe Flash Player 10.1.92.10 Adobe Flash Player 10.1.92.10 Adobe Flash Player 10.1.85.3 Adobe Flash Player 10.1.82.76 Adobe Flash Player 10.1.52.15 Adobe Flash Player 10.1.52.14.1 Adobe Flash Player 10.1.106.16 Adobe Flash Player 10.1.105.6 Adobe Flash Player 10.1.102.65 Adobe Flash Player 10.1.102.64 Adobe Flash Player 10.1 Release Candida Adobe Flash Player 10.0.42.34 Adobe Flash Player 10.0.32.18 Adobe Flash Player 10 Adobe AIR 2.0.4 Adobe AIR 2.0.3 Adobe AIR 3.0 Adobe AIR 2.7.1 Adobe AIR 2.7 Adobe AIR 2.6 Adobe AIR 2.5.1 Adobe AIR 2.0.3 Adobe AIR 2.0.2 |
| Not Vulnerable: |
HP Systems Insight Manager 7.0 Adobe Flash Player for Android 11.1.102.59 Adobe Flash Player 11.1.102.55 Adobe AIR 3.1.0.4880 |
Discussion
Adobe Flash Player CVE-2011-2459 Remote Memory Corruption Vulnerability
Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
Adobe Flash Player CVE-2011-2459 Remote Memory Corruption Vulnerability
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Adobe Flash Player CVE-2011-2459 Remote Memory Corruption Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Adobe Flash Player CVE-2011-2459 Remote Memory Corruption Vulnerability
References:
References:
- Adobe Homepage (Adobe)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Multiple Vulnerabilities in Adobe Flashplayer (Oracle)
- VUPEN Security Research - Adobe Flash Player SAlign Memory Corruption Vulnerabil (VUPEN Security Research
) - APSB11-28: Security update available for Adobe Flash Player (Adobe)