| ID |
CVE-2011-4694
|
| Summary |
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 19-09-2017 - 01:34) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2015-08-03T04:00:51.055-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | DTCC |
| name | Josh Turpin | | organization | Symantec Corporation |
| name | Shane Shaffer | | organization | G2, Inc. |
| name | Maria Kedovskaya | | organization | ALTX-SOFT |
| name | Maria Kedovskaya | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | definition_extensions | | comment | Adobe Flash Player 11 is installed | | oval | oval:org.mitre.oval:def:13071 |
| comment | ActiveX Control is installed | | oval | oval:org.mitre.oval:def:26707 |
| | description | Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | | family | windows | | id | oval:org.mitre.oval:def:14539 | | status | accepted | | submitted | 2011-12-09T10:51:15.000-05:00 | | title | Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | | version | 68 |
| accepted | 2013-02-04T04:00:39.526-05:00 | | class | vulnerability | | contributors | | name | Shane Shaffer | | organization | G2, Inc. |
| | definition_extensions | | comment | Adobe Flash Player 11 is installed | | oval | oval:org.mitre.oval:def:16112 |
| | description | Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | | family | macos | | id | oval:org.mitre.oval:def:16096 | | status | accepted | | submitted | 2012-12-20T15:35:55.661-05:00 | | title | Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | | version | 4 |
|
| refmap
via4
|
| misc | | | mlist | [dailydave] 20111206 Flash 0day | | sectrack | 1026392 |
|
| Last major update |
19-09-2017 - 01:34 |
| Published |
07-12-2011 - 20:55 |
| Last modified |
19-09-2017 - 01:34 |
