Lucene search

K
zdiAnonymousZDI-11-081
HistoryFeb 08, 2011 - 12:00 a.m.

Adobe Flash Player Point Object Remote Code Execution Vulnerability

2011-02-0800:00:00
Anonymous
www.zerodayinitiative.com
22

EPSS

0.011

Percentile

84.3%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within construction of a specific ActionScript3 object. Due to improper type checking in the implementation of the constructor, an alternative type can be provided as an argument to the constructor and stored as a property. When this object is applied to a bitmap copy, the application will corrupt memory. This can lead to code execution under the context of the application.