Full Disclosure mailing list archives
CVE-2011-2461 is back!
From: Mauro Gentile <gentile.mauro.mg () gmail com>
Date: Sun, 22 Mar 2015 17:10:59 +0100
A few days ago me (@sneak_) and @_ikki gave a talk at the great Troopers 2015 conference about CVE-2011-2461. 2011??! Yes, you read it right: we love to analyze seasoned bugs. This bug is still exploitable in modern web browsers, with the latest Adobe Flash plug-in. In the case you are interested in client-side security, then we suggest you to take a look at: http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html OR http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html The two links above are cross-posts, therefore you will find the same content on both. For pentesters: you will find a new vulnerability to look for in the next days. For Flex developers and site maintainers: you will understand how to patch vulnerable SWF files. Stay tuned, as we are going to release additional materials in the next days, including some real world exploitation cases against well-known domains. Cheers, Mauro and Luca _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2011-2461 is back! Mauro Gentile (Mar 22)
- Re: CVE-2011-2461 is back! Mauro Gentile (Mar 30)