Sign-up

ID

VAR-201112-0289


CVE

CVE-2011-4693


TITLE

Windows and Mac OS X Run on Adobe Flash Player Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2011-003317

DESCRIPTION

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Flash Player is prone to a remote security vulnerability. Adobe Flash Player is a high-performance, lightweight and expressive client-running player. The vulnerability has been confirmed in the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA)

Trust: 1.98

sources: NVD: CVE-2011-4693 // JVNDB: JVNDB-2011-003317 // BID: 78356 // VULHUB: VHN-52638

AFFECTED PRODUCTS

vendor:adobemodel:flash playerscope:eqversion:11.1.102.55

Trust: 1.9

vendor:applemodel:mac os xscope: - version: -

Trust: 0.8

vendor:adobemodel:flash playerscope:eqversion:11.1.102.55 for windows and mac os x

Trust: 0.8

vendor:microsoftmodel:windowsscope: - version: -

Trust: 0.8

sources: BID: 78356 // JVNDB: JVNDB-2011-003317 // CNNVD: CNNVD-201112-094 // NVD: CVE-2011-4693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4693
value: HIGH

Trust: 1.0

NVD: CVE-2011-4693
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201112-094
value: CRITICAL

Trust: 0.6

VULHUB: VHN-52638
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4693
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-52638
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-52638 // JVNDB: JVNDB-2011-003317 // CNNVD: CNNVD-201112-094 // NVD: CVE-2011-4693

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-4693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-094

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201112-094

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-003317

PATCH
title:Top Pageurl:http://www.adobe.com/jp/software/flash/about/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-003317

EXTERNAL IDS
db:NVDid:CVE-2011-4693
Trust: 2.8
db:SECTRACKid:1026392
Trust: 1.4
db:JVNDBid:JVNDB-2011-003317
Trust: 0.8
db:CNNVDid:CNNVD-201112-094
Trust: 0.7
db:MLISTid:[DAILYDAVE] 20111206 FLASH 0DAY
Trust: 0.6
db:BIDid:78356
Trust: 0.4
db:VULHUBid:VHN-52638
Trust: 0.1
sources:
            
            
            VULHUB: VHN-52638 // 
            
            
            
            BID: 78356 // 
            
            
            
            JVNDB: JVNDB-2011-003317 // 
            
            
            
            CNNVD: CNNVD-201112-094 // 
            
            
            
            NVD: CVE-2011-4693

REFERENCES
url:http://partners.immunityinc.com/movies/vulndisco-flash0day-v2.mov
Trust: 2.0
url:https://lists.immunityinc.com/pipermail/dailydave/2011-december/000402.html
Trust: 2.0
url:https://bugzilla.redhat.com/show_bug.cgi?id=761216
Trust: 1.4
url:http://www.securitytracker.com/id?1026392
Trust: 1.4
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14405
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15703
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4693
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4693
Trust: 0.8
sources:
            
            
            VULHUB: VHN-52638 // 
            
            
            
            BID: 78356 // 
            
            
            
            JVNDB: JVNDB-2011-003317 // 
            
            
            
            CNNVD: CNNVD-201112-094 // 
            
            
            
            NVD: CVE-2011-4693

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78356

SOURCES
db:VULHUBid:VHN-52638
db:BIDid:78356
db:JVNDBid:JVNDB-2011-003317
db:CNNVDid:CNNVD-201112-094
db:NVDid:CVE-2011-4693

LAST UPDATE DATE
2025-04-11T23:07:27.335000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-52638date:2017-09-19T00:00:00
db:BIDid:78356date:2011-12-07T00:00:00
db:JVNDBid:JVNDB-2011-003317date:2011-12-12T00:00:00
db:CNNVDid:CNNVD-201112-094date:2011-12-12T00:00:00
db:NVDid:CVE-2011-4693date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-52638date:2011-12-07T00:00:00
db:BIDid:78356date:2011-12-07T00:00:00
db:JVNDBid:JVNDB-2011-003317date:2011-12-12T00:00:00
db:CNNVDid:CNNVD-201112-094date:2011-12-08T00:00:00
db:NVDid:CVE-2011-4693date:2011-12-07T20:55:00.753