Sign-up

ID

VAR-201112-0290


CVE

CVE-2011-4694


TITLE

Windows and Mac OS X Run on Adobe Flash Player Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2011-003318

DESCRIPTION

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Flash Player is prone to a remote security vulnerability. Adobe Flash Player is a high-performance, lightweight and expressive client-running player. The vulnerability has been confirmed in the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA)

Trust: 1.98

sources: NVD: CVE-2011-4694 // JVNDB: JVNDB-2011-003318 // BID: 78370 // VULHUB: VHN-52639

AFFECTED PRODUCTS

vendor:adobemodel:flash playerscope:eqversion:11.1.102.55

Trust: 1.9

vendor:applemodel:mac os xscope: - version: -

Trust: 0.8

vendor:adobemodel:flash playerscope:eqversion:11.1.102.55 for windows and mac os x

Trust: 0.8

vendor:microsoftmodel:windowsscope: - version: -

Trust: 0.8

sources: BID: 78370 // JVNDB: JVNDB-2011-003318 // CNNVD: CNNVD-201112-095 // NVD: CVE-2011-4694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4694
value: HIGH

Trust: 1.0

NVD: CVE-2011-4694
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201112-095
value: CRITICAL

Trust: 0.6

VULHUB: VHN-52639
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4694
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-52639
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-52639 // JVNDB: JVNDB-2011-003318 // CNNVD: CNNVD-201112-095 // NVD: CVE-2011-4694

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-4694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-095

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201112-095

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-003318

PATCH
title:Top Pageurl:http://www.adobe.com/jp/software/flash/about/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-003318

EXTERNAL IDS
db:NVDid:CVE-2011-4694
Trust: 2.8
db:SECTRACKid:1026392
Trust: 1.4
db:JVNDBid:JVNDB-2011-003318
Trust: 0.8
db:CNNVDid:CNNVD-201112-095
Trust: 0.7
db:MLISTid:[DAILYDAVE] 20111206 FLASH 0DAY
Trust: 0.6
db:BIDid:78370
Trust: 0.4
db:VULHUBid:VHN-52639
Trust: 0.1
sources:
            
            
            VULHUB: VHN-52639 // 
            
            
            
            BID: 78370 // 
            
            
            
            JVNDB: JVNDB-2011-003318 // 
            
            
            
            CNNVD: CNNVD-201112-095 // 
            
            
            
            NVD: CVE-2011-4694

REFERENCES
url:http://partners.immunityinc.com/movies/vulndisco-flash0day-v2.mov
Trust: 2.0
url:https://lists.immunityinc.com/pipermail/dailydave/2011-december/000402.html
Trust: 2.0
url:https://bugzilla.redhat.com/show_bug.cgi?id=761223
Trust: 1.4
url:http://www.securitytracker.com/id?1026392
Trust: 1.4
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14539
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16096
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4694
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4694
Trust: 0.8
sources:
            
            
            VULHUB: VHN-52639 // 
            
            
            
            BID: 78370 // 
            
            
            
            JVNDB: JVNDB-2011-003318 // 
            
            
            
            CNNVD: CNNVD-201112-095 // 
            
            
            
            NVD: CVE-2011-4694

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78370

SOURCES
db:VULHUBid:VHN-52639
db:BIDid:78370
db:JVNDBid:JVNDB-2011-003318
db:CNNVDid:CNNVD-201112-095
db:NVDid:CVE-2011-4694

LAST UPDATE DATE
2025-04-11T23:07:27.306000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-52639date:2017-09-19T00:00:00
db:BIDid:78370date:2011-12-07T00:00:00
db:JVNDBid:JVNDB-2011-003318date:2011-12-12T00:00:00
db:CNNVDid:CNNVD-201112-095date:2011-12-12T00:00:00
db:NVDid:CVE-2011-4694date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-52639date:2011-12-07T00:00:00
db:BIDid:78370date:2011-12-07T00:00:00
db:JVNDBid:JVNDB-2011-003318date:2011-12-12T00:00:00
db:CNNVDid:CNNVD-201112-095date:2011-12-08T00:00:00
db:NVDid:CVE-2011-4694date:2011-12-07T20:55:00.800