Added: 08/22/2011
CVE: CVE-2011-2110
BID: 48268
OSVDB: 73007
Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.
The Adobe Flash Player ActionScript Engine is vulnerable to an information leak that can be leveraged to execute malicious code. An attacker can construct a malicious SWF file to execute arbitrary code. If the attacker persuades a victim to view a page containing this SWF file, the payload will be executed with the victimβs privileges.
Upgrade to Adobe Flash Player 10.3.181.26 or higher.
<http://www.adobe.com/support/security/bulletins/apsb11-18.html>
This exploit has been tested against Adobe Flash Player 10.3.181.14, 10.3.181.22, and 10.3.181.23 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Windows