(Oracle Issues Fix for Solaris) Adobe Flash Player Multiple Bugs Let Remote Users Obtain Information and Execute Arbitrary Code
|
SecurityTracker Alert ID: 1025836
|
SecurityTracker URL: http://securitytracker.com/id/1025836
|
CVE Reference:
CVE-2011-0579, CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627, CVE-2011-0628
|
Date: Jul 25 2011
|
Impact:
Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 10.2.159.1 and prior versions; 10.2.154.28 and prior versions for Chrome; 10.2.157.51 and prior versions for Android
|
Description:
Multiple vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain information from the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will trigger an integer overflow or memory corruption error and execute arbitrary code on the target system [CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627, CVE-2011-0628]. The code will run with the privileges of the target user.
One of the vulnerabilities [CVE-2011-0627] is being actively exploited on Windows-based systems via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file and delivered via email attachment.
A remote user can obtain information from the target user's system [CVE-2011-0579].
binaryproof (via iDefense's Vulnerability Contributor Program), Marc Schoenefeld of Red Hat Security Response Team, Vitaliy Toropov (via iDefense's Vulnerability Contributor Program), Bo Qu of Palo Alto Networks, Honggang Ren of Fortinet's FortiGuard Labs, Yamata Li of Palo Alto Networks, Tavis Ormandy of the Google Security Team, and Will Dormann of CERT reported these vulnerabilities.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain information from the target user's system.
|
Solution:
Oracle has issued a fix for Solaris.
The Oracle advisory is available at:
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer
|
Vendor URL: www.adobe.com/support/security/bulletins/apsb11-12.html
|
Cause:
Access control error, Boundary error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 25 Jul 2011 18:20:08 +0000
Subject: Solaris
|
Multiple vulnerabilities in Adobe Flashplayer
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer
CVE-2011-0579
CVE-2011-0618
CVE-2011-0619
CVE-2011-0620
CVE-2011-0621
CVE-2011-0622
CVE-2011-0623
CVE-2011-0624
CVE-2011-0625
CVE-2011-0626
CVE-2011-0627
CVE-2011-0628