Vulnerability Details CVE-2011-2458
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.0%
CVSS Severity
CVSS v2 Score 9.3
References
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html
- http://secunia.com/advisories/48819
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://www.adobe.com/support/security/bulletins/apsb11-28.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16179
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html
- http://secunia.com/advisories/48819
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://www.adobe.com/support/security/bulletins/apsb11-28.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16179
Products affected by CVE-2011-2458
-
cpe:2.3:a:adobe:adobe_air:3.0.0.408
-
cpe:2.3:a:adobe:adobe_air:3.0.0.4080
-
cpe:2.3:a:adobe:adobe_air:3.1.0.485
-
cpe:2.3:a:adobe:adobe_air:3.1.0.488
-
cpe:2.3:a:adobe:flash_player:10.0.0.584
-
cpe:2.3:a:adobe:flash_player:10.0.12.10
-
cpe:2.3:a:adobe:flash_player:10.0.12.36
-
cpe:2.3:a:adobe:flash_player:10.0.15.3
-
cpe:2.3:a:adobe:flash_player:10.0.2.54
-
cpe:2.3:a:adobe:flash_player:10.0.22.87
-
cpe:2.3:a:adobe:flash_player:10.0.32.18
-
cpe:2.3:a:adobe:flash_player:10.0.42.34
-
cpe:2.3:a:adobe:flash_player:10.0.45.2
-
cpe:2.3:a:adobe:flash_player:10.1
-
cpe:2.3:a:adobe:flash_player:10.1.102.64
-
cpe:2.3:a:adobe:flash_player:10.1.105.6
-
cpe:2.3:a:adobe:flash_player:10.1.106.16
-
cpe:2.3:a:adobe:flash_player:10.1.106.17
-
cpe:2.3:a:adobe:flash_player:10.1.52.14
-
cpe:2.3:a:adobe:flash_player:10.1.52.14.1
-
cpe:2.3:a:adobe:flash_player:10.1.52.15
-
cpe:2.3:a:adobe:flash_player:10.1.53.64
-
cpe:2.3:a:adobe:flash_player:10.1.82.76
-
cpe:2.3:a:adobe:flash_player:10.1.85.3
-
cpe:2.3:a:adobe:flash_player:10.1.92.10
-
cpe:2.3:a:adobe:flash_player:10.1.92.8
-
cpe:2.3:a:adobe:flash_player:10.1.95.1
-
cpe:2.3:a:adobe:flash_player:10.1.95.2
-
cpe:2.3:a:adobe:flash_player:10.2.152
-
cpe:2.3:a:adobe:flash_player:10.2.152.26
-
cpe:2.3:a:adobe:flash_player:10.2.152.32
-
cpe:2.3:a:adobe:flash_player:10.2.152.33
-
cpe:2.3:a:adobe:flash_player:10.2.153.1
-
cpe:2.3:a:adobe:flash_player:10.2.154.13
-
cpe:2.3:a:adobe:flash_player:10.2.154.25
-
cpe:2.3:a:adobe:flash_player:10.2.154.27
-
cpe:2.3:a:adobe:flash_player:10.2.156.12
-
cpe:2.3:a:adobe:flash_player:10.2.157.51
-
cpe:2.3:a:adobe:flash_player:10.2.159.1
-
cpe:2.3:a:adobe:flash_player:10.3
-
cpe:2.3:a:adobe:flash_player:10.3.181.14
-
cpe:2.3:a:adobe:flash_player:10.3.181.16
-
cpe:2.3:a:adobe:flash_player:10.3.181.22
-
cpe:2.3:a:adobe:flash_player:10.3.181.23
-
cpe:2.3:a:adobe:flash_player:10.3.181.26
-
cpe:2.3:a:adobe:flash_player:10.3.181.34
-
cpe:2.3:a:adobe:flash_player:10.3.183.10
-
cpe:2.3:a:adobe:flash_player:10.3.183.5
-
cpe:2.3:a:adobe:flash_player:10.3.183.7
-
cpe:2.3:a:adobe:flash_player:11.0
-
cpe:2.3:a:adobe:flash_player:11.0.1.152
-
cpe:2.3:a:adobe:flash_player:11.0.1.153
-
cpe:2.3:a:adobe:flash_player:11.1
-
cpe:2.3:a:adobe:flash_player:11.1.102.55
-
cpe:2.3:o:apple:mac_os_x:-
-
cpe:2.3:o:google:android:-
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:sun:solaris:-