Adobe Flash Player callMethod Bytecode Memory Corruption

2011-04-21T00:00:00
ID SAINT:D1E10A87E683A65C65EF800D90A66751
Type saint
Reporter SAINT Corporation
Modified 2011-04-21T00:00:00

Description

Added: 04/21/2011
CVE: CVE-2011-0611
BID: 47314
OSVDB: 71686

Background

Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.

Problem

A memory corruption vulnerability allows command execution when the browser loads a specially crafted Small Web Format (SWF) file.

Resolution

Upgrade to Adobe Flash Player 10.2.153.2 for Windows or higher.

References

<http://www.adobe.com/support/security/advisories/apsa11-02.html>
<http://secunia.com/advisories/44119/>

Limitations

Exploit works on Adobe Systems Flash Player 10.2.153.1. The targeted user must open the exploit file in Internet Explorer 7.

Platforms

Windows