CVE-2011-0575

medium

Description

Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html

http://osvdb.org/70919

http://secunia.com/advisories/43267

http://secunia.com/advisories/43292

http://secunia.com/advisories/43340

http://secunia.com/advisories/43351

http://secunia.com/advisories/43747

http://www.adobe.com/support/security/bulletins/apsb11-02.html

http://www.redhat.com/support/errata/RHSA-2011-0206.html

http://www.redhat.com/support/errata/RHSA-2011-0259.html

http://www.redhat.com/support/errata/RHSA-2011-0368.html

http://www.securityfocus.com/archive/1/516398/100/0/threaded

http://www.securityfocus.com/bid/46197

http://www.securitytracker.com/id?1025055

http://www.vupen.com/english/advisories/2011/0348

http://www.vupen.com/english/advisories/2011/0383

http://www.vupen.com/english/advisories/2011/0402

http://www.vupen.com/english/advisories/2011/0646

https://exchange.xforce.ibmcloud.com/vulnerabilities/65238

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14095

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16127

Details

Source: MITRE

Published: 2011-02-10

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to 10.2.152 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75494 | openSUSE Security Update : flash-player (openSUSE-SU-2011:0109-1) | Nessus | SuSE Local Security Checks | high |
| 75421 | openSUSE Security Update : acroread (openSUSE-SU-2011:0156-1) | Nessus | SuSE Local Security Checks | high |
| 63971 | RHEL 4 : redhat-release (EOL Notice) (RHSA-2011:0259) | Nessus | Red Hat Local Security Checks | high |
| 56504 | GLSA-201110-11 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 53719 | openSUSE Security Update : flash-player (openSUSE-SU-2011:0109-1) | Nessus | SuSE Local Security Checks | high |
| 53693 | openSUSE Security Update : acroread (openSUSE-SU-2011:0156-1) | Nessus | SuSE Local Security Checks | high |
| 52568 | SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7359) | Nessus | SuSE Local Security Checks | high |
| 52567 | SuSE 10 Security Update : acroread (ZYPP Patch Number 7358) | Nessus | SuSE Local Security Checks | high |
| 52566 | SuSE 11.1 Security Update : acroread_ja (SAT Patch Number 4058) | Nessus | SuSE Local Security Checks | high |
| 52565 | SuSE 11.1 Security Update : acroread (SAT Patch Number 4057) | Nessus | SuSE Local Security Checks | high |
| 51984 | SuSE 10 Security Update : flash-player (ZYPP Patch Number 7332) | Nessus | SuSE Local Security Checks | high |
| 51983 | SuSE 11.1 Security Update : flash-player (SAT Patch Number 3926) | Nessus | SuSE Local Security Checks | high |
| 51964 | FreeBSD : linux-flashplugin -- multiple vulnerabilities (4a3482da-3624-11e0-b995-001b2134ef46) | Nessus | FreeBSD Local Security Checks | high |
| 5781 | Flash Player < 10.2.152.26 Multiple Vulnerabilities (APSB11-02) | Nessus Network Monitor | Web Clients | high |
| 51933 | RHEL 5 / 6 : flash-plugin (RHSA-2011:0206) | Nessus | Red Hat Local Security Checks | high |
| 800945 | Google Chrome < 9.0.597.94 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 5780 | Google Chrome < 9.0.597.94 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 51926 | Flash Player < 10.2.152.26 Multiple Vulnerabilities (APSB11-02) | Nessus | Windows | high |
| 51925 | Adobe Reader < 10.0.1 / 9.4.2 / 8.2.6 Multiple Vulnerabilities (APSB11-03) | Nessus | Windows | high |
| 51924 | Adobe Acrobat < 10.0.1 / 9.4.2 / 8.2.5 Multiple Vulnerabilities (APSB11-03) | Nessus | Windows | high |
| 25434 | Solaris 10 (x86) : 125333-23 (deprecated) | Nessus | Solaris Local Security Checks | high |
| 25433 | Solaris 10 (sparc) : 125332-24 (deprecated) | Nessus | Solaris Local Security Checks | high |