Bug 761223 (CVE-2011-4694)

Summary: CVE-2011-4694 flash-plugin: arbitrary code execution via unspecified vulnerability
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CANTFIX QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: ed.costello, emhuang, mmelanso, mtilburg, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-14 14:25:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 761226    

Description Vincent Danen 2011-12-07 21:43:35 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4694 to
the following vulnerability:

Name: CVE-2011-4694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4694
Assigned: 20111207
Reference: https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html
Reference: http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows
and Mac OS X allows remote attackers to execute arbitrary code via a
crafted SWF file, as demonstrated by the second of two vulnerabilities
exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead
(SA).  NOTE: as of 20111207, this disclosure has no actionable
information. However, because the module author is a reliable
researcher, the issue is being assigned a CVE identifier for tracking
purposes.


NOTE: it is unclear whether or not Linux is also affected by this flaw.

Comment 1 Huzaifa S. Sidhpurwala 2012-02-06 10:00:39 UTC
Statement:

We do not currently plan to fix this issue due to the lack of further
information about the flaw and its impact. If more information becomes
available at a future date, we may revisit the issue.