PT-2011-22: Buffer overflow in Adobe Flash Player

Vulnerable software

Adobe Flash Player
Version: and earlier(Windows, Mac OS X, Linux, Solaris); and earlier (Android)

Adobe AIR
Version: 2.7 and earlier (Windows, Mac OS X, Android)

Application link:

Severity level

Severity level: High
Impact: Arbitrary Code Execution
Access Vector: Network exploitable 

CVSS v2: 
Base Score: 10
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE: CVE-2011-2137

Software description

Adobe Flash Player is an application meant for playing flash content.

Vulnerability description

The specialists of the Positive Research center have revealed a buffer overflow vulnerability in Adobe Flash Player.

The vulnerability allows remote attackers to execute arbitrary code.

How to fix

Update your software up to the latest version

Advisory status

28.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
09.08.2011 - Vendor releases fixed version and details
28.03.2012 - Public disclosure


The vulnerability was discovered by Alexander Zaitsev, Positive Research Center (Positive Technologies Company)


Reports on the vulnerabilities previously discovered by Positive Research: