PT-2011-22: Buffer overflow in Adobe Flash Player Vulnerable softwareAdobe Flash Player Version: 10.3.181.36 and earlier(Windows, Mac OS X, Linux, Solaris); 10.3.185.25 and earlier (Android)Adobe AIR Version: 2.7 and earlier (Windows, Mac OS X, Android)Application link: http://www.adobe.com/Severity levelSeverity level: High Impact: Arbitrary Code Execution Access Vector: Network exploitable CVSS v2: Base Score: 10 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)CVE: CVE-2011-2137 Software descriptionAdobe Flash Player is an application meant for playing flash content.Vulnerability descriptionThe specialists of the Positive Research center have revealed a buffer overflow vulnerability in Adobe Flash Player.The vulnerability allows remote attackers to execute arbitrary code.How to fixUpdate your software up to the latest versionAdvisory status28.06.2011 - Vendor is notified 28.06.2011 - Vendor gets vulnerability details 09.08.2011 - Vendor releases fixed version and details 28.03.2012 - Public disclosureCreditsThe vulnerability was discovered by Alexander Zaitsev, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2011-22 http://www.adobe.com/support/security/bulletins/apsb11-21.htmlReports on the vulnerabilities previously discovered by Positive Research:http://ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/