BDU:2022-04094

Published: 11 Apr 2011
Source: fstec
CVSS3: 8.8
CVSS2: 9.3
EPSS: Critical

Description

The vulnerability in the Authplay.dll (AuthPlayLib.bundle) library of the Flash Player software platform and of the Adobe Reader and Adobe Acrobat programs for viewing and editing PDF files is caused by an operation going beyond the bounds of a memory buffer when incompatible data types are used. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code or cause a denial of service by means of a specially crafted malicious SWF file.

Vendor

Novell Inc.
Adobe Systems Inc.
Google Inc

Software name

openSUSE
Suse Linux Enterprise Desktop
Flash Player
Adobe Integrated Runtime
Adobe Reader
Adobe Acrobat
Google Chrome

Software version

11.3 (openSUSE)
11.4 (openSUSE)
11.2 (openSUSE)
10 SP4 (Suse Linux Enterprise Desktop)
11 SP1 (Suse Linux Enterprise Desktop)
up to 10.2.154.27 (Flash Player)
up to and including 10.2.156.12 (Flash Player)
up to 2.6.19140 (Adobe Integrated Runtime)
from 9.0 up to 9.4.4 (Adobe Reader)
from 10.0 up to and including 10.0.1 (Adobe Reader)
from 10.0 up to 10.0.3 (Adobe Reader)
from 9.0 up to 9.4.4 (Adobe Acrobat)
from 10.0 up to 10.0.3 (Adobe Acrobat)
up to 10.0.648.205 (Google Chrome)

Software type

Operating system
Application software for information systems

Operating systems and hardware platforms

Novell Inc. openSUSE 11.3
Novell Inc. openSUSE 11.4
Novell Inc. openSUSE 11.2
Novell Inc. Suse Linux Enterprise Desktop 10 SP4
Novell Inc. Suse Linux Enterprise Desktop 11 SP1

Vulnerability severity level

High severity (CVSS 2.0 base score is 9.3)
High severity (CVSS 3.0 base score is 8.8)

Possible remediation measures

Follow the recommendations:
For Adobe software products:
https://www.adobe.com/support/security/advisories/apsa11-02.html
For Google Chrome:
https://chromereleases.googleblog.com/2011/04/stable-channel-update.html
For Novell Inc. software products:
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html

Vulnerability status

Confirmed by the vendor

Exploit availability

Publicly available

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 100%
0.93698
Critical

8.8 High

CVSS3

9.3 Critical

CVSS2

Related vulnerabilities

CVSS3: 8.8
ubuntu
more than 14 years ago

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

redhat
more than 14 years ago

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

CVSS3: 8.8
nvd
more than 14 years ago

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

CVSS3: 8.8
github
more than 3 years ago

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
