CVE-2011-0609

Related Files

Gentoo Linux Security Advisory 201110-11

Posted Oct 14, 2011

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-11 - Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a denial of service. Versions less than 10.3.183.10 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0579, CVE-2011-0589, CVE-2011-0607, CVE-2011-0608, CVE-2011-0609, CVE-2011-0611, CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627, CVE-2011-0628

SHA-256 | 1fc7f689cdb3c883ce36c76490807f1cc45caa5c421b71567dc8d8327d946b70

Download | Favorite | View

Adobe Flash Player AVM Bytecode Verification

Posted Mar 23, 2011

Authored by bannedit | Site metasploit.com

This Metasploit module exploits a vulnerability in AVM2 action script virtual machine used in Adobe Flash Player versions 9.0 through 10. The AVM fails to properly verify bytecode streams prior to executing it. This can cause uninitialized memory to be executed. Utilizing heap spraying techniques to control the uninitialized memory region it is possible to execute arbitrary code. Typically Flash Player is not used as a standalone application. Often, SWF files are embedded in other file formats or specifically loaded via a web browser. Malcode was discovered in the wild which embedded a malformed SWF file within an Excel spreadsheet. This exploit is based off the byte stream found within that malcode sample.

tags | exploit, web, arbitrary

advisories | CVE-2011-0609

SHA-256 | 42f45f3260ab9c5b8cc16ebc8f87909c47dfc836d8362769726a745db24e2709

Download | Favorite | View