製品・ソフトウェアに関する情報

JVN脆弱性詳細

Adobe Flash Player における権限昇格の脆弱性

Title	Adobe Flash Player における権限昇格の脆弱性
Summary	Adobe Flash Player には、検索パスに関する処理に不備があるため、権限を取得される脆弱性が存在します。
Possible impacts	ローカルユーザにより、カレントワーキングディレクトリ内にあるトロイの木馬の DLL ファイルを介して、権限を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 8, 2011, midnight
Registration Date	March 7, 2011, 4:39 p.m.
Last Update	March 31, 2011, 1:42 p.m.

CVSS2.0 : 警告
Score	6.9
Vector	AV:L/AC:M/Au:N/C:C/I:C/A:C

Affected System

レッドハット

Red Hat Enterprise Linux Extras 4 extras

Red Hat Enterprise Linux Extras 4.8.z extras

Red Hat Enterprise Linux Server Supplementary 6

Red Hat Enterprise Linux Workstation Supplementary 6

RHEL Desktop Supplementary 5 (client)

RHEL Desktop Supplementary 6

RHEL Supplementary 5 (server)

オラクル

Oracle Solaris 10

アドビシステムズ

Adobe Flash CS4 Professional

Adobe Flash Professional CS5

Adobe Flash Player 10.1.102.64 およびそれ以前

Adobe Flex 4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-0575	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0575
National Vulnerability Database (NVD)
2	CVE-2011-0575	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0575

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB11-02	http://www.adobe.com/support/security/bulletins/apsb11-02.html
Adobe セキュリティ情報
2	cpsid_89115	http://kb2.adobe.com/jp/cps/891/cpsid_89115.html
Red Hat Security Advisory
3	RHSA-2011:0206	https://rhn.redhat.com/errata/RHSA-2011-0206.html
4	RHSA-2011:0259	https://rhn.redhat.com/errata/RHSA-2011-0259.html
5	RHSA-2011:0368	https://rhn.redhat.com/errata/RHSA-2011-0368.html
SECURITY BLOG
6	multiple_vulnerabilities_in_adobe_flash2	http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2

その他

No	Name	URL
ISS X-Force Database
1	65238	http://xforce.iss.net/xforce/xfdb/65238
JPCERT 緊急報告
2	JPCERT-AT-2011-0005	http://www.jpcert.or.jp/at/2011/at110005.txt
Secunia Advisory
3	SA43267	http://secunia.com/advisories/43267
4	SA43292	http://secunia.com/advisories/43292
5	SA43351	http://secunia.com/advisories/43351
SecurityFocus
6	46197	http://www.securityfocus.com/bid/46197
SecurityTracker
7	1025055	http://www.securitytracker.com/id?1025055
VUPEN Security
8	VUPEN/ADV-2011-0348	http://www.vupen.com/english/advisories/2011/0348
9	VUPEN/ADV-2011-0402	http://www.vupen.com/english/advisories/2011/0402
警察庁 @police
10	アドビシステムズ社の Adobe Flash Player のセキュリティ修正プログラムについて	http://www.npa.go.jp/cyberpolice/#topics

Change Log

No	Changed Details	Date of change
0	[2011年03月07日] 掲載 [2011年03月31日] 影響を受けるシステム：オラクル (multiple_vulnerabilities_in_adobe_flash2) の情報を追加ベンダ情報：オラクル (multiple_vulnerabilities_in_adobe_flash2) を追加ベンダ情報：レッドハット (RHSA-2011:0368) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-0575

Summary	Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Publication Date	Feb. 11, 2011, 1 a.m.
Registration Date	Jan. 28, 2021, 4:37 p.m.
Last Update	Nov. 21, 2024, 10:24 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player:10.1.52.15:::::::*
cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.53.64:::::::*
cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::*
cpe:2.3:a:adobe:flash_player:9.125.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::*
cpe:2.3:a:adobe:flash_player:6.0.79:::::::*
cpe:2.3:a:adobe:flash_player:9.0.277.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.92.8:::::::*
cpe:2.3:a:adobe:flash_player:10.1.95.2:::::::*
cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.283.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::*
cpe:2.3:a:adobe:flash_player:10.1.95.1:::::::*
cpe:2.3:a:adobe:flash_player:7.1.1:::::::*
cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.63:::::::*
cpe:2.3:a:adobe:flash_player:10.1.102.64:::::::*
cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::*
cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.114.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.42.34:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.52.14.1:::::::*
cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:10.0.45.2:::::::*
cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::*
cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.155.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::*
cpe:2.3:a:adobe:flash_player:6.0.21.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.32.18:::::::*
cpe:2.3:a:adobe:flash_player:7.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:7.2:::::::*
cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.82.76:::::::*
cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
cpe:2.3:a:adobe:flash_player:8.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.85.3:::::::*
cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*
cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::*
cpe:2.3:a:adobe:flash_player::::::::		10.2.152
cpe:2.3:a:adobe:flash_player:7.0.1:::::::*
cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.92.10:::::::*
cpe:2.3:a:adobe:flash_player:9.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2
2	http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html
3	http://osvdb.org/70919
4	http://secunia.com/advisories/43267
5	http://secunia.com/advisories/43292
6	http://secunia.com/advisories/43340
7	http://secunia.com/advisories/43351
8	http://secunia.com/advisories/43747
9	http://www.adobe.com/support/security/bulletins/apsb11-02.html	Patch Vendor Advisory
10	http://www.redhat.com/support/errata/RHSA-2011-0206.html
11	http://www.redhat.com/support/errata/RHSA-2011-0259.html
12	http://www.redhat.com/support/errata/RHSA-2011-0368.html
13	http://www.securityfocus.com/archive/1/516398/100/0/threaded
14	http://www.securityfocus.com/bid/46197
15	http://www.securitytracker.com/id?1025055
16	http://www.vupen.com/english/advisories/2011/0348
17	http://www.vupen.com/english/advisories/2011/0383
18	http://www.vupen.com/english/advisories/2011/0402
19	http://www.vupen.com/english/advisories/2011/0646
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/65238
21	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14095
22	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16127
23	http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2
24	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16127
25	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14095
26	https://exchange.xforce.ibmcloud.com/vulnerabilities/65238
27	http://www.vupen.com/english/advisories/2011/0646
28	http://www.vupen.com/english/advisories/2011/0402
29	http://www.vupen.com/english/advisories/2011/0383
30	http://www.vupen.com/english/advisories/2011/0348
31	http://www.securitytracker.com/id?1025055
32	http://www.securityfocus.com/bid/46197
33	http://www.securityfocus.com/archive/1/516398/100/0/threaded
34	http://www.redhat.com/support/errata/RHSA-2011-0368.html
35	http://www.redhat.com/support/errata/RHSA-2011-0259.html
36	http://www.redhat.com/support/errata/RHSA-2011-0206.html
37	http://www.adobe.com/support/security/bulletins/apsb11-02.html	Patch Vendor Advisory
38	http://secunia.com/advisories/43747
39	http://secunia.com/advisories/43351
40	http://secunia.com/advisories/43340
41	http://secunia.com/advisories/43292
42	http://secunia.com/advisories/43267
43	http://osvdb.org/70919
44	http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player:10.1.52.15:::::::*
cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.53.64:::::::*
cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::*
cpe:2.3:a:adobe:flash_player:9.125.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::*
cpe:2.3:a:adobe:flash_player:6.0.79:::::::*
cpe:2.3:a:adobe:flash_player:9.0.277.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.92.8:::::::*
cpe:2.3:a:adobe:flash_player:10.1.95.2:::::::*
cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.283.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::*
cpe:2.3:a:adobe:flash_player:10.1.95.1:::::::*
cpe:2.3:a:adobe:flash_player:7.1.1:::::::*
cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.63:::::::*
cpe:2.3:a:adobe:flash_player:10.1.102.64:::::::*
cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::*
cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.114.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.42.34:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.52.14.1:::::::*
cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:10.0.45.2:::::::*
cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::*
cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.155.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::*
cpe:2.3:a:adobe:flash_player:6.0.21.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
cpe:2.3:a:adobe:flash_player:10.0.32.18:::::::*
cpe:2.3:a:adobe:flash_player:7.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:7.2:::::::*
cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.82.76:::::::*
cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
cpe:2.3:a:adobe:flash_player:8.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.85.3:::::::*
cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*
cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::*
cpe:2.3:a:adobe:flash_player::::::::		10.2.152
cpe:2.3:a:adobe:flash_player:7.0.1:::::::*
cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::*
cpe:2.3:a:adobe:flash_player:10.1.92.10:::::::*
cpe:2.3:a:adobe:flash_player:9.0:::::::*