Computer Security


"Digicert Sdn. Bhd." weak certificates
Published:11.11.2011
SecurityVulns ID:12032
Type:remote
Threat Level:6/10
Description:A few weak certificates were issued by an intermediate CA.
Affected:OPENSSL : OpenSSL 0.9
 OPENSSL : OpenSSL 1.0
Original document:DEBIAN, [SECURITY] [DSA 2343-1] openssl security update (11.11.2011)

Apache Tomcat privilege escalation
Published:11.11.2011
SecurityVulns ID:12033
Type:local
Threat Level:5/10
Description:Privilege escalation via manager app.
Affected:APACHE : Tomcat 7.0
CVE:CVE-2011-3376 (org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.)
Original document:APACHE, [SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app (11.11.2011)

Adobe Shockwave Player multiple security vulnerabilities
Published:11.11.2011
SecurityVulns ID:12034
Type:client
Threat Level:7/10
Description:Multiple memory corruptions.
Affected:ADOBE : Shockwave Player 11.6
CVE:CVE-2011-2449 (The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2448 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2446.)
 CVE-2011-2447 (Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2446 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2448.)
Original document:vulnhunt_(at)_gmail.com, [CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities (11.11.2011)
 vulnhunt_(at)_gmail.com, [CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability (11.11.2011)
Files:Security update available for Adobe Shockwave Player

Oracle Java multiple security vulnerabilities
updated since 24.10.2011
Published:11.11.2011
SecurityVulns ID:11988
Type:library
Threat Level:9/10
Description:Quarterly CPU fixes 20 different vulnerabilities.
Affected:ORACLE : JRE 1.4
 ORACLE : JRE 5
 ORACLE : JRE 6
 ORACLE : JDK 6
 ORACLE : JDK 7
 ORACLE : JRE 7
 ORACLE : JDK 5
 ORACLE : JavaFX 2.0
 ORACLE : JRockit 28.1
CVE:CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.)
 CVE-2011-3560 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.)
 CVE-2011-3558 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.)
 CVE-2011-3557 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.)
 CVE-2011-3556 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.)
 CVE-2011-3555 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.)
 CVE-2011-3554 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2011-3553 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.)
 CVE-2011-3552 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.)
 CVE-2011-3551 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2011-3550 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.)
 CVE-2011-3549 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.)
 CVE-2011-3548 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.)
 CVE-2011-3547 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.)
 CVE-2011-3546 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.)
 CVE-2011-3545 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.)
 CVE-2011-3544 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.)
 CVE-2011-3521 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.)
 CVE-2011-3516 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original document:APPLE, APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 (11.11.2011)
 ZDI, ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability (31.10.2011)
 Roee Hay, DNS Poisoning via Port Exhaustion (24.10.2011)

Cisco Unified Communications Manager / Cisco Unified Contact Center Express directory traversal
updated since 31.10.2011
Published:11.11.2011
SecurityVulns ID:12003
Type:remote
Threat Level:5/10
Description:Directory traversal in embedded web services on TCP/8080 and TCP/9080 ports.
Affected:CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.1
 CISCO : Unified Communications Manager 8.0
 CISCO : Unified Communications Manager 8.5
 CISCO : Unified Contact Center Express 6.0
 CISCO : Unified Contact Center Express 7.0
 CISCO : Unified Contact Center Express 8.0
 CISCO : Unified Contact Center Express 8.5
CVE:CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.)
Original document:entomology, Cisco CUCM - Multiple Vulnerabilities (11.11.2011)
 ddivulnalert_(at)_ddifrontline.com, DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315] (31.10.2011)
 CISCO, Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability (31.10.2011)
 CISCO, Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability (31.10.2011)

libmodplug library multiple security vulnerabilities
Published:11.11.2011
SecurityVulns ID:12028
Type:remote
Threat Level:5/10
Description:Memory corruptions on different media formats.
Affected:LIBMODPLUG : libmodplug 0.8
CVE:CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.)
 CVE-2011-2914 (Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.)
 CVE-2011-2913 (Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.)
 CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.)
 CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.)
Original document:UBUNTU, [USN-1255-1] libmodplug vulnerabilities (11.11.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 11.11.2011
Published:11.11.2011
SecurityVulns ID:12029
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MOODLE : moodle 1.9
 POMMO : poMMo 16.1
 VTIGER : VtigerCRM 5.2
 ASHOP : AShop 5.1
 DOLIBARR : Dolibarr 3.1
 LABWIKI : LabWiki 1.1
 LABSTORE : LabStoRe 1.5
 ORDERSYS : OrderSys 1.6
 OSCSS : osCSS 2.1
 MERETHIS : Centreon 2.3
 MAN2HTML : man2html 1.6
CVE:CVE-2011-2770 (Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages.)
Original document:DEBIAN, [SECURITY] [DSA 2335-1] man2html security update (11.11.2011)
 DEBIAN, [SECURITY] [DSA 2338-1] moodle security update (11.11.2011)
 Trustwave Advisories, TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon (11.11.2011)
 sschurtz_(at)_t-online.de, osCSS2 "_ID" parameter Local file inclusion (11.11.2011)
 muuratsalo experimental hack lab, OrderSys <= 1.6.4 Sql Injection Vulnerabilities (11.11.2011)
 muuratsalo experimental hack lab, LabStoRe <= 1.5.4 Sql Injection Vulnerabilities (11.11.2011)
 muuratsalo experimental hack lab, LabWiki <= 1.1 Multiple Vulnerabilities (11.11.2011)
 security_(at)_infoserve.de, Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 (11.11.2011)
 security_(at)_infoserve.de, Multiple security vulnerabilities in AShop (11.11.2011)
 MustLive, New vulnerabilities in poMMo (11.11.2011)
 High-Tech Bridge Security Research, Local file inclusion in VtigerCRM (11.11.2011)

Xen multiple security vulnerabilities
Published:11.11.2011
SecurityVulns ID:12030
Type:local
Threat Level:5/10
Description:Multiple DoS conditions, PCI passthrough privilege escalation.
Affected:XEN : Xen 3.2
 XEN : Xen 3.3
 XEN : Xen 4.0
 XEN : Xen 4.1
CVE:CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop.")
 CVE-2011-1898 (Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers.")
 CVE-2011-1583 (Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.)
 CVE-2011-1166 (Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.)

ffmpeg library multiple security vulnerabilities
updated since 11.11.2011
Published:27.11.2011
SecurityVulns ID:12031
Type:remote
Threat Level:7/10
Description:Memory corruption on MKV and AVS/CAVS containers parsing.
Affected:FFMPEG : FFmpeg 0.7
 FFMPEG : FFmpeg 0.8
CVE:CVE-2011-3974 (Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.)
 CVE-2011-3973 (cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.)
 CVE-2011-3504 (The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.)
 CVE-2011-3362 (Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.)
Original document:[email protected], NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution (27.11.2011)
 [email protected], NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution (27.11.2011)
 [email protected], NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution (27.11.2011)

Adobe Flash Player multiple security vulnerabilities
updated since 11.11.2011
Published:26.12.2011
SecurityVulns ID:12035
Type:client
Threat Level:9/10
Description:Multiple memory corruptions, buffer overflows, cross-site data access.
Affected:ADOBE : Flash Player 11.0
 ADOBE : AIR 3.0
CVE:CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.)
 CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.)
 CVE-2011-2458 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.)
 CVE-2011-2457 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2456 (Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2455 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2454 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2453 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2452 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2451 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
Original document:VUPEN Security Research, VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459) (26.12.2011)
Files:Security update available for Adobe Flash Player

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod