CVE-2011-2444

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
adobeflash_player
𝑥
≤ 10.3.183.7
adobeflash_player
6.0.21.0
adobeflash_player
6.0.79
adobeflash_player
7.0
adobeflash_player
7.0.1
adobeflash_player
7.0.14.0
adobeflash_player
7.0.19.0
adobeflash_player
7.0.24.0
adobeflash_player
7.0.25
adobeflash_player
7.0.53.0
adobeflash_player
7.0.60.0
adobeflash_player
7.0.61.0
adobeflash_player
7.0.63
adobeflash_player
7.0.66.0
adobeflash_player
7.0.67.0
adobeflash_player
7.0.68.0
adobeflash_player
7.0.69.0
adobeflash_player
7.0.70.0
adobeflash_player
7.0.73.0
adobeflash_player
7.1
adobeflash_player
7.1.1
adobeflash_player
7.2
adobeflash_player
8.0
adobeflash_player
8.0.22.0
adobeflash_player
8.0.24.0
adobeflash_player
8.0.33.0
adobeflash_player
8.0.34.0
adobeflash_player
8.0.35.0
adobeflash_player
8.0.39.0
adobeflash_player
8.0.42.0
adobeflash_player
9.0
adobeflash_player
9.0.16
adobeflash_player
9.0.18d60:d60
adobeflash_player
9.0.20
adobeflash_player
9.0.20.0
adobeflash_player
9.0.28
adobeflash_player
9.0.28.0
adobeflash_player
9.0.31
adobeflash_player
9.0.31.0
adobeflash_player
9.0.45.0
adobeflash_player
9.0.47.0
adobeflash_player
9.0.48.0
adobeflash_player
9.0.112.0
adobeflash_player
9.0.114.0
adobeflash_player
9.0.115.0
adobeflash_player
9.0.124.0
adobeflash_player
9.0.125.0
adobeflash_player
9.0.151.0
adobeflash_player
9.0.152.0
adobeflash_player
9.0.155.0
adobeflash_player
9.0.159.0
adobeflash_player
9.0.246.0
adobeflash_player
9.0.260.0
adobeflash_player
9.0.262.0
adobeflash_player
9.0.277.0
adobeflash_player
9.0.283.0
adobeflash_player
9.125.0
adobeflash_player
10.0.0.584
adobeflash_player
10.0.12.10
adobeflash_player
10.0.12.36
adobeflash_player
10.0.15.3
adobeflash_player
10.0.22.87
adobeflash_player
10.0.32.18
adobeflash_player
10.0.42.34
adobeflash_player
10.0.45.2
adobeflash_player
10.1.52.14.1
adobeflash_player
10.1.52.15
adobeflash_player
10.1.53.64
adobeflash_player
10.1.82.76
adobeflash_player
10.1.85.3
adobeflash_player
10.1.92.8
adobeflash_player
10.1.92.10
adobeflash_player
10.1.95.1
adobeflash_player
10.1.95.2
adobeflash_player
10.1.102.64
adobeflash_player
10.2.152
adobeflash_player
10.2.152.32
adobeflash_player
10.2.152.33
adobeflash_player
10.2.154.13
adobeflash_player
10.2.154.25
adobeflash_player
10.2.159.1
adobeflash_player
10.3.181.14
adobeflash_player
10.3.181.16
adobeflash_player
10.3.181.23
adobeflash_player
10.3.181.34
adobeflash_player
10.3.181.36
adobeflash_player
10.3.183.5
adobeflash_player
𝑥
≤ 10.3.186.6
adobeflash_player
10.1.92.8
adobeflash_player
10.1.92.10
adobeflash_player
10.1.95.2
adobeflash_player
10.1.105.6
adobeflash_player
10.1.106.16
adobeflash_player
10.2.156.12
adobeflash_player
10.2.157.51
adobeflash_player
10.3.185.21
adobeflash_player
10.3.185.23
adobeflash_player
10.3.185.25
adobeflash_player
10.3.186.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
natty
Fixed 10.3.183.10-0natty1
released
maverick
Fixed 10.3.183.10-0maverick1
released
lucid
Fixed 10.3.183.10-0lucid1
released
hardy
ignored
flashplugin-nonfree
natty
Fixed 10.3.183.10ubuntu0.11.04.1
released
maverick
Fixed 10.3.183.10ubuntu0.10.10.1
released
lucid
Fixed 10.3.183.10ubuntu0.10.04.1
released
hardy
ignored
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html
http://secunia.com/advisories/48308
http://www.adobe.com/support/security/bulletins/apsb11-26.html
http://www.redhat.com/support/errata/RHSA-2011-1333.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15272
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html
http://secunia.com/advisories/48308
http://www.adobe.com/support/security/bulletins/apsb11-26.html
http://www.redhat.com/support/errata/RHSA-2011-1333.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15272