As a follow-up to our previous email, we have just released more details regarding our research on CVE-2011-2461. Specifically, we discussed a real-world exploitation scenario and we provided a detailed FAQ page with test cases:

Exploiting CVE-2011-2461 on google.com
http://blog.mindedsecurity.com/2015/03/exploiting-cve-2011-2461-on-googlecom.html

FAQ (+ test cases)
http://blog.nibblesec.org/2015/03/cve-2011-2461-is-back-faq.html

Cheers,
Mauro and Luca

On 22/03/2015 17:10, Mauro Gentile wrote:
> A few days ago me (@sneak_) and @_ikki gave a talk at the great Troopers
> 2015 conference about CVE-2011-2461.
> 2011??! Yes, you read it right: we love to analyze seasoned bugs.
> This bug is still exploitable in modern web browsers, with the latest
> Adobe Flash plug-in.
> In the case you are interested in client-side security, then we suggest
> you to take a look at:
> http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
> OR
> http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html
>
>
> The two links above are cross-posts, therefore you will find the same
> content on both.
>
> For pentesters: you will find a new vulnerability to look for in the
> next days.
> For Flex developers and site maintainers: you will understand how to
> patch vulnerable SWF files.
>
>
> Stay tuned, as we are going to release additional materials in the next
> days, including some real world exploitation cases against well-known
> domains.
>
> Cheers,
> Mauro and Luca
>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
