CVE-2011-2424

high

Description

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15869

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14199

http://www.us-cert.gov/cas/techalerts/TA11-222A.html

http://www.redhat.com/support/errata/RHSA-2011-1144.html

http://www.adobe.com/support/security/bulletins/apsb11-21.html

http://twitter.com/taviso/statuses/101046396790128640

http://twitter.com/taviso/statuses/101046246277521409

http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html

http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html

Details

Source: Mitre, NVD

Published: 2011-08-15

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.17544