Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2011-2444

Published: 22/09/2011 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Flash Player

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Adobe Flash Player prior to 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and prior to 10.3.186.7 on Android, allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player 10.0.15.3

adobe flash_player 10.0.12.36

adobe flash_player 9.0.246.0

adobe flash_player 9.0.152.0

adobe flash_player 9.0.114.0

adobe flash_player 9.125.0

adobe flash_player 9.0.124.0

adobe flash_player 9.0.159.0

adobe flash_player 8.0.22.0

adobe flash_player 8.0.33.0

adobe flash_player 7.0.66.0

adobe flash_player 7.1

adobe flash_player 7.0.67.0

adobe flash_player 7.0.61.0

adobe flash_player 7.0.14.0

adobe flash_player 6.0.21.0

adobe flash_player 10.1.95.1

adobe flash_player 10.1.52.14.1

adobe flash_player 10.0.0.584

adobe flash_player 10.0.42.34

adobe flash_player 9.0.16

adobe flash_player 9.0.125.0

adobe flash_player 9.0.28

adobe flash_player 10.0.22.87

adobe flash_player 9.0.20.0

adobe flash_player 9.0.155.0

adobe flash_player 8.0

adobe flash_player 7.0.63

adobe flash_player 9.0.48.0

adobe flash_player 7.0.24.0

adobe flash_player 7.0.53.0

adobe flash_player 7.2

adobe flash_player 7.0.19.0

adobe flash_player 9.0.277.0

adobe flash_player 10.1.53.64

adobe flash_player 10.1.92.8

adobe flash_player 10.2.152

adobe flash_player 10.3.181.16

adobe flash_player 10.3.181.23

adobe flash_player 10.1.85.3

adobe flash_player 10.1.95.2

adobe flash_player 10.2.154.13

adobe flash_player 10.2.154.25

adobe flash_player

adobe flash_player 10.1.102.64

adobe flash_player 10.1.92.10

adobe flash_player 10.0.45.2

adobe flash_player 9.0.112.0

adobe flash_player 9.0.260.0

adobe flash_player 9.0.45.0

adobe flash_player 9.0.283.0

adobe flash_player 9.0.31.0

adobe flash_player 8.0.24.0

adobe flash_player 9.0.115.0

adobe flash_player 8.0.42.0

adobe flash_player 7.0.60.0

adobe flash_player 7.0.73.0

adobe flash_player 7.0.69.0

adobe flash_player 7.1.1

adobe flash_player 10.1.52.15

adobe flash_player 6.0.79

adobe flash_player 10.2.152.32

adobe flash_player 10.2.152.33

adobe flash_player 10.3.181.34

adobe flash_player 10.3.181.36

adobe flash_player 10.3.183.5

adobe flash_player 10.0.32.18

adobe flash_player 10.0.12.10

adobe flash_player 9.0.151.0

adobe flash_player 9.0.18d60

adobe flash_player 9.0.262.0

adobe flash_player 9.0.28.0

adobe flash_player 9.0.31

adobe flash_player 9.0

adobe flash_player 8.0.39.0

adobe flash_player 8.0.35.0

adobe flash_player 7.0.25

adobe flash_player 7.0.68.0

adobe flash_player 9.0.20

adobe flash_player 7.0

adobe flash_player 7.0.1

adobe flash_player 8.0.34.0

adobe flash_player 7.0.70.0

adobe flash_player 9.0.47.0

adobe flash_player 10.1.82.76

adobe flash_player 10.2.159.1

adobe flash_player 10.3.181.14

adobe flash_player 10.1.106.16

adobe flash_player 10.2.156.12

adobe flash_player 10.3.185.23

adobe flash_player 10.3.185.25

adobe flash_player 10.2.157.51

adobe flash_player 10.3.185.21

adobe flash_player 10.1.105.6

adobe flash_player 10.3.186.3

Recent Articles

Adobe’s cost of popularity
Securelist • Tim Armstrong • 22 Sep 2011

Adobe pushed an emergency update to its ubiquitous Flash player yesterday that closed holes on 6 separate vulnerabilities. Of the 6, 4 were related directly to code execution (CVE-2011-2426, CVE-2011-2427, CVE-2011- 2428, CVE-2011-2430) One revolves around a universal cross-site scripting issue (CVE-2011-2444), and the last vulnerability can lead to information disclosure (CVE-2011-2429). We recommend that you update all systems immediately. Adobe also states that CVE-2011-2444 relating to cross...

Read more...
Adobe rushes out emergency fix for critical bug in Flash
The Register • Dan Goodin • 21 Sep 2011

'Zero-day' attacks already underway

Adobe Systems has issued an emergency update for its ubiquitous Flash Player that fixes a critical security vulnerability that attackers are actively exploiting to hack end user machines. Code exploiting the universal XSS, or cross-site scripting, bug “is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message,” Adobe said Wednesday in a blog post. It said the bug has been identified as CVE-2011-2444 an...

Read more...

References

CWE-79http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-26.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.htmlhttp://www.redhat.com/support/errata/RHSA-2011-1333.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15272https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14050http://secunia.com/advisories/48308https://nvd.nist.govhttps://www.theregister.co.uk/2011/09/21/emergency_adobe_flash_update/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook