CVE-2011-2444

EXPLOITED IN THE WILD

Adobe Flash Player < 10.3.183.7 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.

References (7)

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html

[Patch, Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb11-26.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2011-1333.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14050

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15272

[Third Party Advisory] http://secunia.com/advisories/48308

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html

Scores

EPSS 0.0092

EPSS Percentile 75.8%

Exploitation Intel

VulnCheck KEV 2011-09-22

InTheWild.io 2018-10-30

Classification

CWE

CWE-79

Status published

Affected Products (50)

adobe/flash_player < 10.3.183.7

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

adobe/flash_player

... and 35 more

Timeline

Published Sep 22, 2011

Tracked Since Feb 18, 2026