VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 10, 2011· Updated Apr 29, 2026

CVE-2011-2139

CVE-2011-2139

Description

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player and AIR before specified versions allow remote attackers to bypass the Same Origin Policy and obtain sensitive information.

Vulnerability

CVE-2011-2139 is an information disclosure vulnerability in Adobe Flash Player and Adobe AIR that allows a remote attacker to bypass the Same Origin Policy (SOP). Affected versions include Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.3 on Android; and Adobe AIR before 2.7.1 on Windows and Mac OS X, and before 2.7.1.1961 on Android [1][2]. The issue is triggered via unspecified vectors, likely involving crafted content that violates cross-domain restrictions.

Exploitation

To exploit this vulnerability, an attacker must convince a victim to visit a malicious webpage or view a crafted Flash (SWF) file. No authentication or special network position is required beyond standard web access. The attacker creates content that performs cross-origin requests in a way that leaks data due to the broken SOP enforcement [2].

Impact

Successful exploitation allows the attacker to bypass the Same Origin Policy, leading to unauthorized disclosure of sensitive information from other origins (e.g., cookies, page content, or other data protected by the SOP). The attacker obtains information at the privilege level of the victim's browser session, without direct code execution [2].

Mitigation

Adobe released updates for Flash Player (version 10.3.183.5 on desktop platforms, 10.3.186.3 on Android) and AIR (2.7.1 on desktop, 2.7.1.1961 on Android) to address this vulnerability [1][2]. Users should update their software immediately. No workaround is disclosed in the available references.

References
  1. Support
  2. Adobe Updates for Multiple Vulnerabilities | CISA

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

103
  • Adobe Inc./Air11 versions
    cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=2.7
    • cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.6:*:*:*:*:*:*:*
    • (no CPE)range: <2.7.1
  • Adobe Inc./Flashplayer91 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 90 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=10.3.181.36
    • cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.157.51:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.159.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.14:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.21:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
  • Adobe Inc./Flash Playerllm-fuzzy
    Range: <10.3.183.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.