CVE-2011-2458

2011-11-1116:55:01

CWE-264

adobe

web.nvd.nist.gov

adobe

flash player

vulnerability

cross-domain policy

nvd

cve-2011-2458

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.012

Percentile

85.5%

JSON

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.

Affected configurations

Nvd

Node

adobeflash_playerRange10.0–10.3.183.11

adobeflash_playerRange11.0–11.1.102.55

AND

applemac_os_xMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

sunsolarisMatch-

Node

adobeflash_playerRange11.0–11.1.102.59

AND

googleandroidMatch-

Node

adobeadobe_airRange3.0–3.1.0.4880

VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
applemac_os_x-cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
sunsolaris-cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
adobeadobe_air*cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::
apple	mac_os_x	-	cpe:2.3:o:apple:mac_os_x:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
sun	solaris	-	cpe:2.3:o:sun:solaris:-:::::::*
google	android	-	cpe:2.3:o:google:android:-:::::::*
adobe	adobe_air	*	cpe:2.3:a:adobe:adobe_air::::::::