漏洞标题
N/A
漏洞描述信息
Adobe Flash Player before 10.2.154.27 on Windows、Mac OS X、Linux和Solaris以及10.2.156.12 and earlier on Android;Adobe AIR before 2.6.19140;和Authplay.dll(aka AuthPlayLib.bundle)在Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows、Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X以及Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows和Mac OS X在Windows和Mac OS X上允许远程攻击者通过创建的Flash内容执行任意代码或导致服务拒绝(应用程序崩溃);这可以通过一个包含嵌入的.swf文件的Microsoft Office文档来证明,该文档中的.SWF文件在“包含的常量组”中size inconsistency,对象类型混淆,ActionScript 3.0中将原型添加自定义函数,Date对象;以及在2011年4月被野生攻击利用。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Adobe Flash Player对象处理远程代码执行漏洞
漏洞描述信息
Adobe Flash Player是一款非常流行的FLASH播放器。 Adobe Flash Player在对象类型的处理上存在远程代码执行漏洞,由于某个对象方法在被引用时没有正确识别对象的类型,导致远程攻击者可以利用此漏洞通过诱使用户访问包含恶意SWF文件的网页在用户系统上执行任意指令,从而完全控制受影响的系统。此漏洞可被用于执行挂马攻击,影响面和威胁程度都很高,需要引起用户高度重视。
CVSS信息
N/A
漏洞类别
授权问题