Information Security


Untrusted "Digicert Sdn. Bhd." certificates
Published: November 11, 2011
Source:
SecurityVulns ID: 12032
Type: remote
Threat level: 6/10
Description: The certification authority issued several weak certificates.
Affected products: OPENSSL : OpenSSL 0.9
 OPENSSL : OpenSSL 1.0
Original text: DEBIAN, [SECURITY] [DSA 2343-1] openssl security update (11.11.2011)

Privilege escalation in Apache Tomcat
Published: November 11, 2011
Source:
SecurityVulns ID: 12033
Type: local
Threat level: 5/10
Description: Privilege escalation via the Manager application.
Affected products: APACHE : Tomcat 7.0
CVE:CVE-2011-3376 (org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.)
Original text: APACHE, [SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app (11.11.2011)

Multiple security vulnerabilities in Adobe Shockwave Player
Published: November 11, 2011
Source:
SecurityVulns ID: 12034
Type: client
Threat level: 7/10
Description: Multiple memory corruptions.
Affected products: ADOBE : Shockwave Player 11.6
CVE:CVE-2011-2449 (The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2448 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2446.)
 CVE-2011-2447 (Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2446 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2448.)
Original text: vulnhunt_(at)_gmail.com, [CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities (11.11.2011)
 vulnhunt_(at)_gmail.com, [CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability (11.11.2011)
Files: Security update available for Adobe Shockwave Player

Multiple vulnerabilities in Oracle Java
updated since October 24, 2011
Published: November 11, 2011
Source:
SecurityVulns ID: 11988
Type: library
Threat level: 9/10
Description: The quarterly update fixes 20 different vulnerabilities.
Affected products: ORACLE : JRE 1.4
 ORACLE : JRE 5
 ORACLE : JRE 6
 ORACLE : JDK 6
 ORACLE : JDK 7
 ORACLE : JRE 7
 ORACLE : JDK 5
 ORACLE : JavaFX 2.0
 ORACLE : JRockit 28.1
CVE:CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.)
 CVE-2011-3560 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.)
 CVE-2011-3558 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.)
 CVE-2011-3557 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.)
 CVE-2011-3556 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.)
 CVE-2011-3555 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.)
 CVE-2011-3554 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2011-3553 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.)
 CVE-2011-3552 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.)
 CVE-2011-3551 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2011-3550 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.)
 CVE-2011-3549 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.)
 CVE-2011-3548 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.)
 CVE-2011-3547 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.)
 CVE-2011-3546 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.)
 CVE-2011-3545 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.)
 CVE-2011-3544 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.)
 CVE-2011-3521 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.)
 CVE-2011-3516 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original text: APPLE, APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 (11.11.2011)
 ZDI, ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability (31.10.2011)
 Roee Hay, DNS Poisoning via Port Exhaustion (24.10.2011)

Directory traversal in Cisco Unified Communications Manager / Cisco Unified Contact Center Express
updated since October 31, 2011
Published: November 11, 2011
Source:
SecurityVulns ID: 12003
Type: remote
Threat level: 5/10
Description: Directory traversal in the built-in web services on ports TCP/8080 and TCP/9080.
Affected products: CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.1
 CISCO : Unified Communications Manager 8.0
 CISCO : Unified Communications Manager 8.5
 CISCO : Unified Contact Center Express 6.0
 CISCO : Unified Contact Center Express 7.0
 CISCO : Unified Contact Center Express 8.0
 CISCO : Unified Contact Center Express 8.5
CVE:CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.)
Original text: entomology, Cisco CUCM - Multiple Vulnerabilities (11.11.2011)
 ddivulnalert_(at)_ddifrontline.com, DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315] (31.10.2011)
 CISCO, Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability (31.10.2011)
 CISCO, Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability (31.10.2011)

Multiple security vulnerabilities in the libmodplug library
Published: November 11, 2011
Source:
SecurityVulns ID: 12028
Type: remote
Threat level: 5/10
Description: Memory corruptions when parsing various file formats.
Affected products: LIBMODPLUG : libmodplug 0.8
CVE:CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.)
 CVE-2011-2914 (Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.)
 CVE-2011-2913 (Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.)
 CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.)
 CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.)
Original text: UBUNTU, [USN-1255-1] libmodplug vulnerabilities (11.11.2011)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
updated since November 11, 2011
Published: November 11, 2011
Source:
SecurityVulns ID: 12029
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: MOODLE : moodle 1.9
 POMMO : poMMo 16.1
 VTIGER : VtigerCRM 5.2
 ASHOP : AShop 5.1
 DOLIBARR : Dolibarr 3.1
 LABWIKI : LabWiki 1.1
 LABSTORE : LabStoRe 1.5
 ORDERSYS : OrderSys 1.6
 OSCSS : osCSS 2.1
 MERETHIS : Centreon 2.3
 MAN2HTML : man2html 1.6
CVE:CVE-2011-2770 (Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages.)
Original text: DEBIAN, [SECURITY] [DSA 2335-1] man2html security update (11.11.2011)
 DEBIAN, [SECURITY] [DSA 2338-1] moodle security update (11.11.2011)
 Trustwave Advisories, TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon (11.11.2011)
 sschurtz_(at)_t-online.de, osCSS2 "_ID" parameter Local file inclusion (11.11.2011)
 muuratsalo experimental hack lab, OrderSys <= 1.6.4 Sql Injection Vulnerabilities (11.11.2011)
 muuratsalo experimental hack lab, LabStoRe <= 1.5.4 Sql Injection Vulnerabilities (11.11.2011)
 muuratsalo experimental hack lab, LabWiki <= 1.1 Multiple Vulnerabilities (11.11.2011)
 security_(at)_infoserve.de, Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 (11.11.2011)
 security_(at)_infoserve.de, Multiple security vulnerabilities in AShop (11.11.2011)
 MustLive, New vulnerabilities in poMMo (11.11.2011)
 High-Tech Bridge Security Research, Local file inclusion in VtigerCRM (11.11.2011)

Multiple security vulnerabilities in Xen
Published: November 11, 2011
Source:
SecurityVulns ID: 12030
Type: local
Threat level: 5/10
Description: Multiple DoS conditions, privilege escalation via PCI passthrough.
Affected products: XEN : Xen 3.2
 XEN : Xen 3.3
 XEN : Xen 4.0
 XEN : Xen 4.1
CVE:CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop.")
 CVE-2011-1898 (Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers.")
 CVE-2011-1583 (Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.)
 CVE-2011-1166 (Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.)

Multiple security vulnerabilities in the ffmpeg library
updated since November 11, 2011
Published: November 27, 2011
Source:
SecurityVulns ID: 12031
Type: remote
Threat level: 7/10
Description: Memory corruptions when parsing MKV and AVS/CAVS formats.
Affected products: FFMPEG : FFmpeg 0.7
 FFMPEG : FFmpeg 0.8
CVE:CVE-2011-3974 (Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.)
 CVE-2011-3973 (cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.)
 CVE-2011-3504 (The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.)
 CVE-2011-3362 (Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.)
Original text: [email protected], NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution (27.11.2011)
 [email protected], NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution (27.11.2011)
 [email protected], NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution (27.11.2011)

Multiple security vulnerabilities in Adobe Flash Player
updated since November 11, 2011
Published: December 26, 2011
Source:
SecurityVulns ID: 12035
Type: client
Threat level: 9/10
Description: Multiple memory corruptions, buffer overflows, cross-site data access.
Affected products: ADOBE : Flash Player 11.0
 ADOBE : AIR 3.0
CVE:CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.)
 CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.)
 CVE-2011-2458 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.)
 CVE-2011-2457 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2456 (Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2455 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2454 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2453 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2452 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2451 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
Original text: VUPEN Security Research, VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459) (26.12.2011)
Files: Security update available for Adobe Flash Player

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod