Flash Player dirty dozen: Adobe plugs code execution holes

November 11, 2011

Adobe has slapped a “critical” rating on this bulletin and recommends that all affected users apply the patch immediately.

Adobe has issued a warning for a dozen serious security vulnerabilities in its widely distributed Flash Player software.

The security holes, which affect Windows, Mac OS X, Linux and Solaris users, could allow remote code execution attacks via rigged Flash Player files.

The company shipped Flash Player 11.1.102.55 with patches for the 12 documented vulnerabilities.

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2445).
This update resolves a heap corruption vulnerability that could lead to code execution (CVE-2011-2450).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2451).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2452).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2453).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2454).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2455).
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2456).
This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2011-2457).
This update resolves a vulnerability that could lead to a cross-domain policy bypass (Internet Explorer-only) (CVE-2011-2458).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2459).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2460).

Adobe has slapped a “critical” rating on this bulletin and recommends that all affected users apply the patch immediately.

View: Original Article

Recommended Posts