CVE-2011-2118Improper Input Validation in Adobe Shockwave Player

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
21.1%
top 4.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Shockwave Player
Timeline
PublishedJun 16
Latest updateMay 17

Description

The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/shockwave_player11.5.9.620+42

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-3746-24r4-w4m7: The FLV ASSET Xtra component in Adobe Shockwave Player before 112022-05-17
CVEList
CVE-2011-2118: The FLV ASSET Xtra component in Adobe Shockwave Player before 112011-06-16
CVE-2011-2118 — Improper Input Validation in Adobe | cvebase