Skip to content
/ magento-swf-patched-CVE-2011-2461 Public

Patched version of the uploader.swf and uploaderSingle.swf to fix CVE-2011-2461

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

u-maxx/magento-swf-patched-CVE-2011-2461

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
skin/adminhtml/default/default/media
skin/adminhtml/default/default/media
 
 
README.md
README.md
 
 

Repository files navigation

magento-swf-patched-CVE-2011-2461

Patched version of the uploader.swf and uploaderSingle.swf to fix CVE-2011-2461

More info about the vulnerable .swf files in the Magento's core can be found here - https://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html

The main reason CVE-2011-2461 is best explained by @Mindedsecurity http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html thanks to @sneak_ & @_ikki

Files have been patched with the official Adobe patch tool (Action I) https://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html

You can also check your SWF files with ParrotNG (https://github.com/ikkisoft/ParrotNG) and patch them by yourself with the official Adobe patch tool.

About

Patched version of the uploader.swf and uploaderSingle.swf to fix CVE-2011-2461

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •