CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS Percentile: 99.3%
Added: 02/09/2012
CVE: CVE-2011-2140
BID: 49083
OSVDB: 74439
Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.
The Adobe Flash Player **Sub_1005B396** function allows command execution when a user opens a specially crafted .swf file. The specific vulnerability is triggered when processing data units in the MP4 Sequence Parameter Set.
Upgrade the installed version of Adobe Flash Player as described in Adobe Security Bulletin APSB11-21.
<http://www.adobe.com/support/security/bulletins/apsb11-21.html>
<http://www.abysssec.com/blog/2012/01/31/exploiting-cve-2011-2140-another-flash-player-vulnerability/>
This exploit was tested against Adobe Systems Flash Player 10.3.181.34 on Microsoft Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The target host must have JRE 1.6.x installed.
The user must open the exploit page using Internet Explorer 7, 8, or 9.
Windows