Skip to content

Patched version of the uploader.swf and uploaderSingle.swf to fix CVE-2011-2461

Notifications You must be signed in to change notification settings

u-maxx/magento-swf-patched-CVE-2011-2461

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

magento-swf-patched-CVE-2011-2461

Patched version of the uploader.swf and uploaderSingle.swf to fix CVE-2011-2461

More info about the vulnerable .swf files in the Magento's core can be found here - https://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html

The main reason CVE-2011-2461 is best explained by @Mindedsecurity http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html thanks to @sneak_ & @_ikki

Files have been patched with the official Adobe patch tool (Action I) https://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html

You can also check your SWF files with ParrotNG (https://github.com/ikkisoft/ParrotNG) and patch them by yourself with the official Adobe patch tool.

About

Patched version of the uploader.swf and uploaderSingle.swf to fix CVE-2011-2461

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published