CVE-2011-2461 is back!

[Mauro Gentile <gentile.mauro.mg () gmail com>]

A few days ago me (@sneak_) and @_ikki gave a talk at the great Troopers
2015 conference about CVE-2011-2461.
2011??! Yes, you read it right: we love to analyze seasoned bugs.
This bug is still exploitable in modern web browsers, with the latest
Adobe Flash plug-in.
In the case you are interested in client-side security, then we suggest
you to take a look at:
http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
OR
http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html


The two links above are cross-posts, therefore you will find the same
content on both.

For pentesters: you will find a new vulnerability to look for in the
next days.
For Flex developers and site maintainers: you will understand how to
patch vulnerable SWF files.


Stay tuned, as we are going to release additional materials in the next
days, including some real world exploitation cases against well-known
domains.

Cheers,
Mauro and Luca

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/