Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 761216 - (CVE-2011-4693) CVE-2011-4693 flash-plugin: arbitrary code execution via unspecified vulnerability
CVE-2011-4693 flash-plugin: arbitrary code execution via unspecified vulnerab...
Status: CLOSED CANTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
impact=critical,public=20111206,repor...
: Security
Depends On:
Blocks: 761226
  Show dependency treegraph
 
Reported: 2011-12-07 16:39 EST by Vincent Danen
Modified: 2012-05-30 11:15 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-02-14 09:25:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Vincent Danen 2011-12-07 16:39:29 EST 
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4693 to
the following vulnerability:

Name: CVE-2011-4693
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4693
Assigned: 20111207
Reference: https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html
Reference: http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows
and Mac OS X allows remote attackers to execute arbitrary code via a
crafted SWF file, as demonstrated by the first of two vulnerabilities
exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead
(SA).  NOTE: as of 20111207, this disclosure has no actionable
information. However, because the module author is a reliable
researcher, the issue is being assigned a CVE identifier for tracking
purposes.


NOTE: it is unclear whether or not Linux is also affected by this flaw.
Comment 1 Huzaifa S. Sidhpurwala 2012-02-06 04:59:57 EST 
Statement:

We do not currently plan to fix this issue due to the lack of further
information about the flaw and its impact. If more information becomes
available at a future date, we may revisit the issue.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.