Date: Sun, 22 Mar 2015 17:10:59 +0100
From: Mauro Gentile <gentile.mauro.mg@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2011-2461 is back!

A few days ago, I (@sneak_) and @_ikki gave a talk at the great Troopers
2015 conference about CVE-2011-2461.
2011??! Yes, you read it right: we love to analyze seasoned bugs.
This bug is still exploitable in modern web browsers, with the latest
Adobe Flash plug-in.
In case you are interested in client-side security, we suggest
you take a look at:
http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
OR
http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html


The two links above are cross-posts, therefore you will find the same
content on both.

For pentesters: you will find a new vulnerability to look for in the
coming days.
For Flex developers and site maintainers: you will understand how to
patch vulnerable SWF files.


Stay tuned, as we are going to release additional materials in the coming
days, including some real-world exploitation cases against well-known
domains.

Cheers,
Mauro and Luca

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
