CVE-2011-2461

Currently unrated

Key Information:

Vendor: Adobe
Status: Flex Sdk
Vendor: CVE Published:; 1 December 2011

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

ParrotNG
Created by ikkisoft

magento-swf-patched-CVE-2011-2461
Created by u-maxx

CVE-2011-2461_Magento_Patch
Created by edmondscommerce

References

https://threatpost.com/adobe-cve-2011-2461-remains-exploi...

x_refsource_MISC

http://www.adobe.com/support/security/bulletins/apsb11-25...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/131376/Magento-eComm...

x_refsource_MISC

Timeline

🟡
Public PoC available
Jul 26, 2016
👾
Exploit known to exist
Feb 8, 2015
Vulnerability published
Dec 1, 2011
Vulnerability Reserved
Jun 6, 2011