Adobe Flash Player
Version: 10.3.181.36 and earlier(Windows, Mac OS X, Linux, Solaris); 10.3.185.25 and earlier (Android)
Adobe AIR
Version: 2.7 and earlier (Windows, Mac OS X, Android)
Application link:
<http://www.adobe.com/>
Severity level: High
Impact: Arbitrary Code Execution
Access Vector: Network exploitable
CVSS v2:
Base Score: 10
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE: CVE-2011-2137
Software description
Adobe Flash Player is an application meant for playing flash content.
The specialists of the Positive Research center have revealed a buffer overflow vulnerability in Adobe Flash Player.
The vulnerability allows remote attackers to execute arbitrary code.
Update your software up to the latest version
28.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
09.08.2011 - Vendor releases fixed version and details
28.03.2012 - Public disclosure
The vulnerability was discovered by Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
<http://en.securitylab.ru/lab/PT-2011-22>
<http://www.adobe.com/support/security/bulletins/apsb11-21.html>
Reports on the vulnerabilities previously discovered by Positive Research:
<http://ptsecurity.com/research/advisory/>
<http://en.securitylab.ru/lab/>