Adobe Flash Player ActionScript Function Arguments Code Execution

Added: 08/22/2011
CVE: CVE-2011-2110
BID: 48268
OSVDB: 73007

Background

Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.

Problem

The Adobe Flash Player ActionScript Engine is vulnerable to an information leak that can be leveraged to execute malicious code. An attacker can construct a malicious SWF file to execute arbitrary code. If the attacker persuades a victim to view a page containing this SWF file, the payload will be executed with the victim's privileges.

Resolution

Upgrade to Adobe Flash Player 10.3.181.26 or higher.

References

http://www.adobe.com/support/security/bulletins/apsb11-18.html

Limitations

This exploit has been tested against Adobe Flash Player 10.3.181.14, 10.3.181.22, and 10.3.181.23 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows

Back to exploit index