CVE-2011-2424Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe AIR

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
16.1%
top 5.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AIRAdobe Flash Player
Timeline
PublishedAug 15
Latest updateMay 14

Description

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/flash_player10.3.181.36+91
NVDadobe/adobe_air2.7+11

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-4frx-xq3x-xrp7: Adobe Flash Player before 102022-05-14
CVEList
CVE-2011-2424: Adobe Flash Player before 102011-08-15

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)2011-08-09
CVE-2011-2424 — Adobe AIR vulnerability | cvebase