Full Disclosure mailing list archives
Re: CVE-2011-2461 is back!
From: Mauro Gentile <gentile.mauro.mg () gmail com>
Date: Mon, 30 Mar 2015 22:50:03 +0200
As a follow up to our previous email, we have just released more details regarding our research on CVE-2011-2461. Specifically, we discussed a real world exploitation scenario and we provided a detailed FAQ page with test cases: Exploiting CVE-2011-2461 on google.com http://blog.mindedsecurity.com/2015/03/exploiting-cve-2011-2461-on-googlecom.html FAQ (+ test cases) http://blog.nibblesec.org/2015/03/cve-2011-2461-is-back-faq.html Cheers, Mauro and Luca On 22/03/2015 17:10, Mauro Gentile wrote:
A few days ago me (@sneak_) and @_ikki gave a talk at the great Troopers 2015 conference about CVE-2011-2461. 2011??! Yes, you read it right: we love to analyze seasoned bugs. This bug is still exploitable in modern web browsers, with the latest Adobe Flash plug-in. In the case you are interested in client-side security, then we suggest you to take a look at: http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html OR http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html The two links above are cross-posts, therefore you will find the same content on both. For pentesters: you will find a new vulnerability to look for in the next days. For Flex developers and site maintainers: you will understand how to patch vulnerable SWF files. Stay tuned, as we are going to release additional materials in the next days, including some real world exploitation cases against well-known domains. Cheers, Mauro and Luca
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2011-2461 is back! Mauro Gentile (Mar 22)
- Re: CVE-2011-2461 is back! Mauro Gentile (Mar 30)