CVE-2011-2458

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html

http://secunia.com/advisories/48819

http://security.gentoo.org/glsa/glsa-201204-07.xml

http://www.adobe.com/support/security/bulletins/apsb11-28.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16179

Details

Source: MITRE

Published: 2011-11-11

Updated: 2018-11-29

Type: CWE-264

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
80611Oracle Solaris Third-Party Patch Update : flash (multiple_vulnerabilities_in_adobe_flashplayer4)NessusSolaris Local Security Checks
critical
75840openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-2)NessusSuSE Local Security Checks
critical
75839openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-1)NessusSuSE Local Security Checks
critical
75502openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-1)NessusSuSE Local Security Checks
critical
74525openSUSE Security Update : flash-player (openSUSE-2011-4)NessusSuSE Local Security Checks
critical
59623GLSA-201204-07 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
59684HP Systems Insight Manager < 7.0 Multiple VulnerabilitiesNessusWindows
critical
57195SuSE 10 Security Update : flash-player (ZYPP Patch Number 7832)NessusSuSE Local Security Checks
critical
57102SuSE 11.1 Security Update : flash-player (SAT Patch Number 5413)NessusSuSE Local Security Checks
critical
57044Adobe Reader <= 10.1.1 / 9.4.6 U3D Memory Corruption (APSA11-04, APSB11-28, APSB11-30, APSB12-01) (Mac OS X)NessusMacOS X Local Security Checks
high
56959Adobe AIR <= 3.0 Multiple Vulnerabilities (APSB11-28)NessusWindows
critical
6097Flash Player < 10.3.183.11 / 11.1.102.55 Multiple Vulnerabilities (APSB11-28)Nessus Network MonitorWeb Clients
high
56874Flash Player <= 10.3.183.10 / 11.0.1.152 Multiple Vulnerabilities (APSB11-28)NessusWindows
high
56803FreeBSD : linux-flashplugin -- multiple vulnerabilities (0e8e1212-0ce5-11e1-849b-003067b2972c)NessusFreeBSD Local Security Checks
critical