Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2011-2092
Last Modified: 06 Sep 2011 11:16:56
Published: 16 Jun 2011 07:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-2092

Summary

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."

Vulnerable Systems

Application

  • Adobe BlazeDS 4.0.1
  • Adobe LiveCycle 6.0
  • Adobe LiveCycle 7.0
  • Adobe LiveCycle 8.0.1
  • Adobe LiveCycle 8.0.1.1
  • Adobe LiveCycle 8.0.1.2
  • Adobe LiveCycle 8.2.1.3
  • Adobe LiveCycle 9.0.0.2
  • Adobe LiveCycle Data Services 2.5
  • Adobe LiveCycle Data Services 2.5.1
  • Adobe LiveCycle Data Services 2.6
  • Adobe LiveCycle Data Services 2.6.1
  • Adobe LiveCycle Data Services 3
  • Adobe LiveCycle Data Services 3.1


References

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb11-15.html

SECTRACK - 1025657

SECTRACK - 1025656


Last Updated: 27 May 2016 10:56:54