返回 CVE 瀏覽器

CVE-2011-2092

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0310%

EPSS Percentile13.06th

Published2011年6月16日

Last Modified2026年4月29日

Vulnerability Description

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

Affected Platforms (CPE)

📦

Adobe

Blazeds

<= 4.0.1

📦

Adobe

Livecycle Data Services

<= 3.1

📦

Adobe

Livecycle Data Services

= 2.5

📦

Adobe

Livecycle Data Services

= 2.5.1

📦

Adobe

Livecycle Data Services

= 2.6

📦

Adobe

Livecycle Data Services

= 2.6.1

📦

Adobe

Livecycle Data Services

= 3

📦

Adobe

Livecycle

<= 9.0.0.2

📦

Adobe

Livecycle

= 6.0

📦

Adobe

Livecycle

= 7.0

📦

Adobe

Livecycle

= 8.0.1

📦

Adobe

Livecycle

= 8.0.1.1

📦

Adobe

Livecycle

= 8.0.1.2

📦

Adobe

Livecycle

= 8.2.1.3

References & Advisories

🔗 http://www.adobe.com/support/security/bulletins/apsb11-15.html

🔗 http://www.securitytracker.com/id?1025656

🔗 http://www.securitytracker.com/id?1025657

🔗 http://www.adobe.com/support/security/bulletins/apsb11-15.html

🔗 http://www.securitytracker.com/id?1025656

🔗 http://www.securitytracker.com/id?1025657

相關漏洞威脅

CVE-2018-147199.8

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block ...

CVE-2017-30669.8

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java d...

CVE-2017-56419.8

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deseriali...

CVE-2007-00189.3

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allo...