#VU31705 Permissions, Privileges, and Access Controls in Adobe AIR - CVE-2011-2458
Published: November 11, 2011 / Updated: July 21, 2020
Vulnerability identifier: #VU31705
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-2458
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Adobe AIR
Adobe AIR
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.
Remediation
Install update from vendor's website.
External links
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html
- http://secunia.com/advisories/48819
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://www.adobe.com/support/security/bulletins/apsb11-28.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16179