CVE-2011-2107
published 2011-06-09

Priority: P274 · medium 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
ITW · VulnCheck KEV: Exploited in the wild
EPSS: 3.55% (87.9th percentile)

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."

Affected

128 ranges· showing 25
VendorProductVersion rangeFixed in
adobeacrobat<= 10.0.3
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat_reader<= 10.0.3
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader

Detection & IOCs (extracted from sources)

  • Vulnerability is being actively exploited in the wild via targeted attacks; attack vector is a malicious link delivered in an email message that the user is tricked into clicking.
  • The universal XSS vulnerability allows an attacker to take actions on a user's behalf on any website or webmail provider when the user visits a malicious website; monitor for anomalous cross-origin Flash-initiated requests.
  • Affected versions: Adobe Flash Player 10.3.181.16 and earlier on Windows, Macintosh, Linux, and Solaris; Flash Player 10.3.185.22 and earlier on Android. Fixed version is 10.3.181.22 (desktop) / post-10.3.185.22 (Android).
  • Adobe Reader for Linux also affected, but the support model changed to only two updates per year; Flash Player is no longer bundled in Adobe Reader 9.4.6 for Unix, so future Flash flaws will not apply to it.

CVSS provenance

nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck | 4.3 | MEDIUM
vendor_redhat | 4.3 | MEDIUM