Vulnerability CVE-2011-2461


Published: 2011-12-01   Modified: 2012-02-13

Description:
Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Magento eCommerce Vulnerable Adobe Flex SDK
Paulos Yibelo
11.04.2015
Med.
Dell SonicWALL Global Management System GMS 8.1 Adobe Flex SOP Bypass
Gjoko 'Liqu...
31.12.2016

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Adobe
Product: Flex sdk 
Version:
4.5.1
4.5
4.1
4.0
3.6
3.5a
3.5
3.4.1
3.4
3.3
3.2
3.1
3.0.1
3.0

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html
http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
http://kb2.adobe.com/cps/915/cpsid_91544.html
http://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html
http://www.adobe.com/support/security/bulletins/apsb11-25.html
https://threatpost.com/adobe-cve-2011-2461-remains-exploitable-four-years-after-patch/111754

Related CVE
CVE-2018-19723
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnera...
CVE-2018-19721
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnera...
CVE-2018-19728
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h...
CVE-2018-19727
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-19726
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-19724
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-19722
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-19720
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h...

Copyright 2019, cxsecurity.com

 

Back to Top