CVE-2011-0611

Warning

Exploit

EPSS 92.9%
Published 13.04.2011 14:55:01
Last modified 11.04.2025 00:51:21
Source psirt@adobe.com
Teams watchlist Login
Open Login

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

Affected products Warnungen 1 Metrics 4 CWE 1 References 28

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Flash Player Version < 10.2.154.27

   Apple ≫ macOS X Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-
   Oracle ≫ Solaris Version-

Adobe ≫ Flash Player Version <= 10.2.156.12

Google ≫ Android Version-

Adobe ≫ Acrobat Reader Version >= 9.0 < 9.4.4

Microsoft ≫ Windows Version-

Adobe ≫ Acrobat Reader Version >= 10.0 <= 10.0.1

Microsoft ≫ Windows Version-

Adobe ≫ Adobe Air Version < 2.6.19140

Adobe ≫ Acrobat Reader Version >= 9.0 < 9.4.4

Apple ≫ macOS X Version-

Adobe ≫ Acrobat Reader Version >= 10.0 < 10.0.3

Apple ≫ macOS X Version-

Adobe ≫ Acrobat Version >= 9.0 < 9.4

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Adobe ≫ Acrobat Version >= 10.0 < 10.0.3

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Google ≫ Chrome Version < 10.0.648.205

   Apple ≫ macOS X Version-
   Google ≫ Chrome Os Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Opensuse ≫ Opensuse Version11.2

Opensuse ≫ Opensuse Version11.3

Opensuse ≫ Opensuse Version11.4

Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Desktop Version11 Updatesp1

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player Remote Code Execution Vulnerability

Vulnerability

Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.

Description

The impacted product is end-of-life and should be disconnected if still in use.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	92.9%	0.998

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx

Not Applicable

http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html

Exploit

http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html

Exploit

Issue Tracking

http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

Release Notes

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html

Patch

Mailing List