cvelistv5 - cve-2011-0628

CVE-2011-0628 (GCVE-0-2011-0628)

Vulnerability from cvelistv5

Published

2011-05-31 20:00

Modified

2024-08-06 21:58

Severity ?

CWE

Summary

Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.

References

URL

Tags

	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13994	vdb-entry, signature, x_refsource_OVAL
	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908	third-party-advisory, x_refsource_IDEFENSE
	http://www.securityfocus.com/bid/47961	vdb-entry, x_refsource_BID
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15639	vdb-entry, signature, x_refsource_OVAL
	http://www.adobe.com/support/security/bulletins/apsb11-12.html	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/67638	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:26.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:13994",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13994"
          },
          {
            "name": "20110524 Adobe Flash Player ActionScript Integer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908"
          },
          {
            "name": "47961",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47961"
          },
          {
            "name": "oval:org.mitre.oval:def:15639",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15639"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html"
          },
          {
            "name": "flash-player-overflow(67638)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67638"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:13994",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13994"
        },
        {
          "name": "20110524 Adobe Flash Player ActionScript Integer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908"
        },
        {
          "name": "47961",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47961"
        },
        {
          "name": "oval:org.mitre.oval:def:15639",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15639"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html"
        },
        {
          "name": "flash-player-overflow(67638)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67638"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2011-0628",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:13994",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13994"
            },
            {
              "name": "20110524 Adobe Flash Player ActionScript Integer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908"
            },
            {
              "name": "47961",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47961"
            },
            {
              "name": "oval:org.mitre.oval:def:15639",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15639"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html"
            },
            {
              "name": "flash-player-overflow(67638)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67638"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2011-0628",
    "datePublished": "2011-05-31T20:00:00.000Z",
    "dateReserved": "2011-01-20T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:58:26.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2011-AVI-290

Vulnerability from certfr_avis

Plusieurs vulnérabilités permettant l'exécution de code arbitraire à distance affectent Adobe Flash Player.

Description

Plusieurs vulnérabilités ont été corrigées dans Adobe Flash Player. Ces vulnérabilités peuvent être exploitées par une personne malveillante distante pour provoquer de l'exécution de code arbitraire à l'aide d'un fichier Flash (SWF) spécialement conçu. Ce fichier peut également être contenu dans d'autres formats de fichiers (Microsoft Word, Microsoft Excel, ...).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player 10.2.154.28 et versions antérieures pour Google Chrome ;
Adobe	N/A	Adobe Flash Player 10.2.159.1 et versions antérieures pour les systèmes d'exploitation Windows, Macintosh, Linux et Solaris ;
Adobe	N/A	Adobe Flash Player 10.2.157.51 et versions antérieures pour Google Android.

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB11-12 du 12 mai 2011	None	vendor-advisory
Bulletin de sécurité Adobe apsb11-12 du 12 mai 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.2.154.28 et versions ant\u00e9rieures pour Google Chrome ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.159.1 et versions ant\u00e9rieures pour les syst\u00e8mes d\u0027exploitation Windows, Macintosh, Linux et Solaris ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.157.51 et versions ant\u00e9rieures pour Google Android.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Flash Player. Ces\nvuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par une personne malveillante\ndistante pour provoquer de l\u0027ex\u00e9cution de code arbitraire \u00e0 l\u0027aide d\u0027un\nfichier Flash (SWF) sp\u00e9cialement con\u00e7u. Ce fichier peut \u00e9galement \u00eatre\ncontenu dans d\u0027autres formats de fichiers (Microsoft Word, Microsoft\nExcel, ...).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0627"
    },
    {
      "name": "CVE-2011-0628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0628"
    },
    {
      "name": "CVE-2011-0618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0618"
    },
    {
      "name": "CVE-2011-0620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0620"
    },
    {
      "name": "CVE-2011-0621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0621"
    },
    {
      "name": "CVE-2011-0622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0622"
    },
    {
      "name": "CVE-2011-0579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0579"
    },
    {
      "name": "CVE-2011-0626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0626"
    },
    {
      "name": "CVE-2011-0623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0623"
    },
    {
      "name": "CVE-2011-0619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0619"
    },
    {
      "name": "CVE-2011-0625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0625"
    },
    {
      "name": "CVE-2011-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0624"
    }
  ],
  "initial_release_date": "2011-05-13T00:00:00",
  "last_revision_date": "2011-05-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb11-12 du 12 mai 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html"
    }
  ],
  "reference": "CERTA-2011-AVI-290",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance affectent \u003cspan class=\"textit\"\u003eAdobe Flash Player\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-12 du 12 mai 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-476

Vulnerability from certfr_avis

De nombreuses vulnérabilités de Xerox FreeFlow Print Server ont été corrigées. Certaines permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Xerox FreeFlow Print Server utilise Solaris et Java, pour lesquels des vulnérabilités ont été corrigées.

Certaines de ces vulnérabilités permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Xerox FreeFlow Print Server.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Xerox XRX11-003 du 19 août 2011	None	vendor-advisory
Document du CERTA CERTA-2011-AVI-400 du 20 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eXerox FreeFlow Print Server.\u003c/p\u003e",
  "content": "## Description\n\nXerox FreeFlow Print Server utilise Solaris et Java, pour lesquels des\nvuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es.\n\nCertaines de ces vuln\u00e9rabilit\u00e9s permettent \u00e0 un utilisateur malveillant\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0627"
    },
    {
      "name": "CVE-2011-2287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2287"
    },
    {
      "name": "CVE-2011-0628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0628"
    },
    {
      "name": "CVE-2011-2290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2290"
    },
    {
      "name": "CVE-2011-2245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2245"
    },
    {
      "name": "CVE-2011-2295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2295"
    },
    {
      "name": "CVE-2011-0618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0618"
    },
    {
      "name": "CVE-2011-0620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0620"
    },
    {
      "name": "CVE-2011-0621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0621"
    },
    {
      "name": "CVE-2011-2298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2298"
    },
    {
      "name": "CVE-2011-0622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0622"
    },
    {
      "name": "CVE-2011-0579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0579"
    },
    {
      "name": "CVE-2011-2259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2259"
    },
    {
      "name": "CVE-2011-1910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1910"
    },
    {
      "name": "CVE-2011-0626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0626"
    },
    {
      "name": "CVE-2011-0623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0623"
    },
    {
      "name": "CVE-2011-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2285"
    },
    {
      "name": "CVE-2011-2291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2291"
    },
    {
      "name": "CVE-2011-0619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0619"
    },
    {
      "name": "CVE-2011-2294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2294"
    },
    {
      "name": "CVE-2011-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2249"
    },
    {
      "name": "CVE-2011-2258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2258"
    },
    {
      "name": "CVE-2011-2289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2289"
    },
    {
      "name": "CVE-2011-0625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0625"
    },
    {
      "name": "CVE-2011-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0624"
    }
  ],
  "initial_release_date": "2011-08-29T00:00:00",
  "last_revision_date": "2011-08-29T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2011-AVI-400 du 20 juillet 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-400/index.html"
    }
  ],
  "reference": "CERTA-2011-AVI-476",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-08-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s de Xerox FreeFlow Print Server ont \u00e9t\u00e9\ncorrig\u00e9es. Certaines permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Xerox FreeFlow Print Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xerox XRX11-003 du 19 ao\u00fbt 2011",
      "url": "http://www.xerox.com/dowload/security/security-bulletin/127e996-10b83-4ab94539ab540/cert_XRX-003_v1.0.pdf"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-0628 (GCVE-0-2011-0628)

Vulnerability from cvelistv5

CERTA-2011-AVI-290

Vulnerability from certfr_avis

Description

Solution

CERTA-2011-AVI-476

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature