CVE-2011-2458

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.

Published: Nov 11, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2458
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
adobe / flash_player	10.0	10.3.183.11
adobe / flash_player	11.0	11.1.102.55
adobe / flash_player	11.0	11.1.102.59
adobe / adobe_air	3.0	3.1.0.4880

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html
http://secunia.com/advisories/48819
http://security.gentoo.org/glsa/glsa-201204-07.xml
http://www.adobe.com/support/security/bulletins/apsb11-28.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16179

Vulnerability Database

289,784

CVE-2011-2458