CVE-2011-2458

HIGH

Description

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html

http://secunia.com/advisories/48819

http://security.gentoo.org/glsa/glsa-201204-07.xml

http://www.adobe.com/support/security/bulletins/apsb11-28.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16179

Details

Source: MITRE

Published: 2011-11-11

Updated: 2018-11-29

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
80611Oracle Solaris Third-Party Patch Update : flash (multiple_vulnerabilities_in_adobe_flashplayer4)NessusSolaris Local Security Checks
critical
75840openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-2)NessusSuSE Local Security Checks
critical
75839openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-1)NessusSuSE Local Security Checks
critical
75502openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-1)NessusSuSE Local Security Checks
critical
74525openSUSE Security Update : flash-player (openSUSE-2011-4)NessusSuSE Local Security Checks
critical
59623GLSA-201204-07 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
59684HP Systems Insight Manager < 7.0 Multiple VulnerabilitiesNessusWindows
critical
57195SuSE 10 Security Update : flash-player (ZYPP Patch Number 7832)NessusSuSE Local Security Checks
critical
57102SuSE 11.1 Security Update : flash-player (SAT Patch Number 5413)NessusSuSE Local Security Checks
critical
57044Adobe Reader <= 10.1.1 / 9.4.6 U3D Memory Corruption (APSA11-04, APSB11-28, APSB11-30, APSB12-01) (Mac OS X)NessusMacOS X Local Security Checks
high
56959Adobe AIR <= 3.0 Multiple Vulnerabilities (APSB11-28)NessusWindows
critical
6097Flash Player < 10.3.183.11 / 11.1.102.55 Multiple Vulnerabilities (APSB11-28)Nessus Network MonitorWeb Clients
high
56874Flash Player <= 10.3.183.10 / 11.0.1.152 Multiple Vulnerabilities (APSB11-28)NessusWindows
high
56803FreeBSD : linux-flashplugin -- multiple vulnerabilities (0e8e1212-0ce5-11e1-849b-003067b2972c)NessusFreeBSD Local Security Checks
critical