Adobe Flash Player CVE-2011-2458 Cross Domain Security Bypass Vulnerability
BID:50629
Info
Adobe Flash Player CVE-2011-2458 Cross Domain Security Bypass Vulnerability
| Bugtraq ID: | 50629 |
| Class: | Origin Validation Error |
| CVE: |
CVE-2011-2458 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 09 2011 12:00AM |
| Updated: | Jun 20 2013 09:38AM |
| Credit: | lakehu of Tencent Security Center. |
| Vulnerable: |
SuSE SUSE Linux Enterprise Desktop 11 SP1 SuSE SUSE Linux Enterprise Desktop 10 SP4 SuSE openSUSE 11.4 SuSE openSUSE 11.3 Sun Solaris 11 Sun Solaris 10_x86 Sun Solaris 10_sparc HP Systems Insight Manager 6.3 HP Systems Insight Manager 6.2 HP Systems Insight Manager 6.1 HP Systems Insight Manager 6.0.0.96 HP Systems Insight Manager 6.0 HP Systems Insight Manager 5.3 Update 1 HP Systems Insight Manager 5.3 HP Systems Insight Manager 5.2 SP2 HP Systems Insight Manager 5.1 SP1 HP Systems Insight Manager 5.0 SP6 HP Systems Insight Manager 5.0 SP5 HP Systems Insight Manager 5.0 SP3 HP Systems Insight Manager 5.0 SP2 HP Systems Insight Manager 5.0 SP1 HP Systems Insight Manager 5.0 HP Systems Insight Manager 4.2 SP2 HP Systems Insight Manager 4.2 SP1 HP Systems Insight Manager 4.2 Gentoo Linux Adobe Flash Player for Android 11.0.1.153 Adobe Flash Player 10.1.53 .64 Adobe Flash Player 10.1.51 .66 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.32 18 Adobe Flash Player 10.0.22 .87 Adobe Flash Player 10.0.15 .3 Adobe Flash Player 10.0.12 .36 Adobe Flash Player 10.0.12 .35 Adobe Flash Player 9.0.262 Adobe Flash Player 9.0.246 0 Adobe Flash Player 9.0.152 .0 Adobe Flash Player 9.0.151 .0 Adobe Flash Player 9.0.124 .0 Adobe Flash Player 9.0.48.0 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.289.0 Adobe Flash Player 9.0.283.0 Adobe Flash Player 9.0.280 Adobe Flash Player 9.0.28.0 Adobe Flash Player 9.0.277.0 Adobe Flash Player 9.0.262.0 Adobe Flash Player 9.0.260.0 Adobe Flash Player 9.0.246.0 Adobe Flash Player 9.0.159.0 Adobe Flash Player 9.0.155.0 Adobe Flash Player 9.0.115.0 Adobe Flash Player 9 Adobe Flash Player 8.0.35.0 Adobe Flash Player 8.0.34.0 Adobe Flash Player 8 Adobe Flash Player 11.0.1.152 Adobe Flash Player 10.3.186.7 Adobe Flash Player 10.3.186.6 Adobe Flash Player 10.3.186.3 Adobe Flash Player 10.3.186.2 Adobe Flash Player 10.3.185.25 Adobe Flash Player 10.3.185.23 Adobe Flash Player 10.3.185.22 Adobe Flash Player 10.3.185.21 Adobe Flash Player 10.3.183.7 Adobe Flash Player 10.3.183.5 Adobe Flash Player 10.3.183.4 Adobe Flash Player 10.3.183.10 Adobe Flash Player 10.3.181.34 Adobe Flash Player 10.3.181.26 Adobe Flash Player 10.3.181.23 Adobe Flash Player 10.3.181.22 Adobe Flash Player 10.3.181.16 Adobe Flash Player 10.3.181.14 Adobe Flash Player 10.2.159.1 Adobe Flash Player 10.2.157.51 Adobe Flash Player 10.2.156.12 Adobe Flash Player 10.2.154.28 Adobe Flash Player 10.2.154.27 Adobe Flash Player 10.2.154.25 Adobe Flash Player 10.2.154.24 Adobe Flash Player 10.2.154.18 Adobe Flash Player 10.2.154.13 Adobe Flash Player 10.2.153.1 Adobe Flash Player 10.2.152.33 Adobe Flash Player 10.2.152.32 Adobe Flash Player 10.2.152.21 Adobe Flash Player 10.2.152 Adobe Flash Player 10.1.95.2 Adobe Flash Player 10.1.95.1 Adobe Flash Player 10.1.92.8 Adobe Flash Player 10.1.92.10 Adobe Flash Player 10.1.92.10 Adobe Flash Player 10.1.85.3 Adobe Flash Player 10.1.82.76 Adobe Flash Player 10.1.52.15 Adobe Flash Player 10.1.52.14.1 Adobe Flash Player 10.1.106.16 Adobe Flash Player 10.1.105.6 Adobe Flash Player 10.1.102.65 Adobe Flash Player 10.1.102.64 Adobe Flash Player 10.1 Release Candida Adobe Flash Player 10.0.42.34 Adobe Flash Player 10.0.32.18 Adobe Flash Player 10 Adobe AIR 2.0.4 Adobe AIR 2.0.3 Adobe AIR 3.0 Adobe AIR 2.7.1 Adobe AIR 2.7 Adobe AIR 2.6 Adobe AIR 2.5.1 Adobe AIR 2.0.3 Adobe AIR 2.0.2 |
| Not Vulnerable: |
HP Systems Insight Manager 7.0 Adobe Flash Player for Android 11.1.102.59 Adobe Flash Player 11.1.102.55 Adobe AIR 3.1.0.4880 |
Discussion
Adobe Flash Player CVE-2011-2458 Cross Domain Security Bypass Vulnerability
Adobe Flash Player is prone to an unspecified cross-domain security-bypass vulnerability.
An attacker can exploit this issue to bypass certain same-origin policy restrictions, which may aid in further attacks.
Adobe Flash Player is prone to an unspecified cross-domain security-bypass vulnerability.
An attacker can exploit this issue to bypass certain same-origin policy restrictions, which may aid in further attacks.
Exploit / POC
Adobe Flash Player CVE-2011-2458 Cross Domain Security Bypass Vulnerability
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Adobe Flash Player CVE-2011-2458 Cross Domain Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Adobe Flash Player CVE-2011-2458 Cross Domain Security Bypass Vulnerability
References:
References: