漏洞详情: CVE-2011-0611

漏洞标题
NVD 暂无描述信息
来源:NVD
Adobe Flash Player对象处理远程代码执行漏洞
来源:CNNVD
漏洞描述
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
来源:NVD
Adobe Flash Player是一款非常流行的FLASH播放器。 Adobe Flash Player在对象类型的处理上存在远程代码执行漏洞,由于某个对象方法在被引用时没有正确识别对象的类型,导致远程攻击者可以利用此漏洞通过诱使用户访问包含恶意SWF文件的网页在用户系统上执行任意指令,从而完全控制受影响的系统。此漏洞可被用于执行挂马攻击,影响面和威胁程度都很高,需要引起用户高度重视。
来源:CNNVD
Adobe Flash Player before 10.2.154.27 on Windows、Mac OS X、Linux和Solaris以及10.2.156.12 and earlier on Android;Adobe AIR before 2.6.19140;和Authplay.dll(aka AuthPlayLib.bundle)在Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows、Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X以及Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows和Mac OS X在Windows和Mac OS X上允许远程攻击者通过创建的Flash内容执行任意代码或导致服务拒绝(应用程序崩溃);这可以通过一个包含嵌入的.swf文件的Microsoft Office文档来证明,该文档中的.SWF文件在“包含的常量组”中size inconsistency,对象类型混淆,ActionScript 3.0中将原型添加自定义函数,Date对象;以及在2011年4月被野生攻击利用。
来源:神龙机器人
漏洞评分(CVSS)
NVD 暂无评分
来源:NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
来源:神龙机器人, 准确率:N/A
漏洞类别
NVD 暂无漏洞类别信息
来源:NVD
授权问题
来源:CNNVD
相关链接