| Summary: | www-plugins/adobe-flash Unspecified Code Execution Vulnerability (CVE-2011-{4693,4694}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED NEEDINFO | ||
| Severity: | normal | CC: | desktop-misc, lack |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/47161/ | ||
| Whiteboard: | B2 [upstream?] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Agostino Sarubbo
2011-12-08 14:19:20 UTC
CVE-2011-4694 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4694): Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. CVE-2011-4693 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4693): Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. It's unclear whether this has been fixed. Red Hat closed this as CANTFIX due to a lack of information on what is affected. I'm inclined to agree; closing NEEDINFO. |
