Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and
Mac OS X allows remote attackers to execute arbitrary code via a crafted
SWF file, as demonstrated by the second of two vulnerabilities exploited by
the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of
20111207, this disclosure has no actionable information. However, because
the module author is a reliable researcher, the issue is being assigned a
CVE identifier for tracking purposes.
{"id": "UB:CVE-2011-4694", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2011-4694", "description": "Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and\nMac OS X allows remote attackers to execute arbitrary code via a crafted\nSWF file, as demonstrated by the second of two vulnerabilities exploited by\nthe Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of\n20111207, this disclosure has no actionable information. However, because\nthe module author is a reliable researcher, the issue is being assigned a\nCVE identifier for tracking purposes.", "published": "2011-12-07T00:00:00", "modified": "2011-12-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2011-4694", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4694", "https://nvd.nist.gov/vuln/detail/CVE-2011-4694", "https://launchpad.net/bugs/cve/CVE-2011-4694", "https://security-tracker.debian.org/tracker/CVE-2011-4694"], "cvelist": ["CVE-2011-4694"], "immutableFields": [], "lastseen": "2021-11-22T21:56:04", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4694"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802540", "OPENVAS:1361412562310802541", "OPENVAS:802540", "OPENVAS:802541"]}], "rev": 4}, "score": {"value": 7.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2011-4694"]}, {"type": "openvas", "idList": ["OPENVAS:802540", "OPENVAS:802541"]}]}, "exploitation": null, "vulnersScore": 7.0}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "flashplugin-nonfree"}], "bugs": [], "_state": {"dependencies": 1646132924}}
{"cve": [{"lastseen": "2022-03-23T12:47:07", "description": "Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.", "cvss3": {}, "published": "2011-12-07T20:55:00", "type": "cve", "title": "CVE-2011-4694", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4694"], "modified": "2017-09-19T01:34:00", "cpe": ["cpe:/a:adobe:flash_player:11.1.102.55"], "id": "CVE-2011-4694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4694", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4694", "CVE-2011-4693"], "description": "This host is installed with Adobe Flash Player and is prone to\nmultiple arbitrary code execution vulnerabilities.", "modified": "2018-09-22T00:00:00", "published": "2011-12-09T00:00:00", "id": "OPENVAS:1361412562310802541", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802541", "type": "openvas", "title": "Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_swf_mult_code_exec_vuln_macosx.nasl 11552 2018-09-22 13:45:08Z cfischer $\n#\n# Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802541\");\n script_version(\"$Revision: 11552 $\");\n script_cve_id(\"CVE-2011-4694\", \"CVE-2011-4693\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 15:45:08 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 11:41:37 +0530 (Fri, 09 Dec 2011)\");\n script_name(\"Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X\");\n script_xref(name:\"URL\", value:\"http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov\");\n script_xref(name:\"URL\", value:\"https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute\narbitrary code in the context of the affected application.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 11.1.102.55 on MAC OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to an unspecified error in the application,\nallows remote attackers to execute arbitrary code via a crafted SWF file.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\nmultiple arbitrary code execution vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nplayerVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(playerVer != NULL)\n{\n if(version_is_equal(version:playerVer, test_version:\"11.1.102.55\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4694", "CVE-2011-4693"], "description": "This host is installed with Adobe Flash Player and is prone to\nmultiple arbitrary code execution vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2011-12-09T00:00:00", "id": "OPENVAS:1361412562310802540", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802540", "type": "openvas", "title": "Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802540\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2011-4694\", \"CVE-2011-4693\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 11:41:37 +0530 (Fri, 09 Dec 2011)\");\n script_name(\"Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows\");\n script_xref(name:\"URL\", value:\"http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov\");\n script_xref(name:\"URL\", value:\"https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute\narbitrary code in the context of the affected application.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 11.1.102.55 on Windows\");\n script_tag(name:\"insight\", value:\"The flaws are due to an unspecified error in the application,\nallows remote attackers to execute arbitrary code via a crafted SWF file.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\nmultiple arbitrary code execution vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_equal( version:vers, test_version:\"11.1.102.55\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"None\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:13:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4694", "CVE-2011-4693"], "description": "This host is installed with Adobe Flash Player and is prone to\nmultiple arbitrary code execution vulnerabilities.", "modified": "2017-02-25T00:00:00", "published": "2011-12-09T00:00:00", "id": "OPENVAS:802541", "href": "http://plugins.openvas.org/nasl.php?oid=802541", "type": "openvas", "title": "Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_swf_mult_code_exec_vuln_macosx.nasl 5424 2017-02-25 16:52:36Z teissa $\n#\n# Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute\narbitrary code in the context of the affected application.\n\nImpact Level: System/Application\";\n\ntag_affected = \"Adobe Flash Player version 11.1.102.55 on MAC OS X\";\n\ntag_insight = \"The flaws are due to an unspecified error in the application,\nallows remote attackers to execute arbitrary code via a crafted SWF file.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\nmultiple arbitrary code execution vulnerabilities.\";\n\nif(description)\n{\n script_id(802541);\n script_version(\"$Revision: 5424 $\");\n script_cve_id(\"CVE-2011-4694\", \"CVE-2011-4693\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 11:41:37 +0530 (Fri, 09 Dec 2011)\");\n script_name(\"Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X\");\n script_xref(name : \"URL\" , value : \"http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov\");\n script_xref(name : \"URL\" , value : \"https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_require_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Check for Adobe Flash Player\nplayerVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(playerVer != NULL)\n{\n if(version_is_equal(version:playerVer, test_version:\"11.1.102.55\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:28:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4694", "CVE-2011-4693"], "description": "This host is installed with Adobe Flash Player and is prone to\nmultiple arbitrary code execution vulnerabilities.", "modified": "2017-12-19T00:00:00", "published": "2011-12-09T00:00:00", "id": "OPENVAS:802540", "href": "http://plugins.openvas.org/nasl.php?oid=802540", "type": "openvas", "title": "Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_swf_mult_code_exec_vuln_win.nasl 8178 2017-12-19 13:42:38Z cfischer $\n#\n# Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute\narbitrary code in the context of the affected application.\n\nImpact Level: System/Application.\";\n\ntag_affected = \"Adobe Flash Player version 11.1.102.55 on Windows\";\n\ntag_insight = \"The flaws are due to an unspecified error in the application,\nallows remote attackers to execute arbitrary code via a crafted SWF file.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\nmultiple arbitrary code execution vulnerabilities.\";\n\nif(description)\n{\n script_id(802540);\n script_version(\"$Revision: 8178 $\");\n script_cve_id(\"CVE-2011-4694\", \"CVE-2011-4693\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 14:42:38 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 11:41:37 +0530 (Fri, 09 Dec 2011)\");\n script_name(\"Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows\");\n script_xref(name : \"URL\" , value : \"http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov\");\n script_xref(name : \"URL\" , value : \"https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_equal( version:vers, test_version:\"11.1.102.55\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"None\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
CVE-2011-4694
