You are here

U-055: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

December 8, 2011 - 8:30am

Addthis

PROBLEM:

Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code .

PLATFORM:

Adobe Flash Player 11.1.102.55 on Windows and Mac OS X and prior versions

ABSTRACT:

Two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead were reported in Adobe Flash Player.

referenceĀ  LINKS:

Secunia Advisory: SA47161
SecurityTracker Alert ID: 1026392
CVE-2011-4693
CVE-2011-4694

IMPACT ASSESSMENT:

High

Discussion:

A remote or local user can obtain potentially sensitive information. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted SWF file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Impact:

A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

No solution was available at the time of this entry.

Addthis