Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-0609

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

Published

2011-03-15T17:55:03.827

Last Modified

2025-10-22T01:15:40.220

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	flash_player	≤ 10.2.154.13	Yes
Operating System	apple	mac_os_x	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No
Operating System	oracle	solaris	-	No
Application	adobe	flash_player	≤ 10.1.106.16	Yes
Operating System	google	android	-	No
Application	adobe	acrobat	≤ 9.4.2	Yes
Application	adobe	acrobat	10.0	Yes
Application	adobe	acrobat	10.0.1	Yes
Application	adobe	acrobat_reader	≤ 9.4.2	Yes
Application	adobe	acrobat_reader	10.0	Yes
Application	adobe	acrobat_reader	10.0.1	Yes
Operating System	apple	mac_os_x	-	No
Operating System	microsoft	windows	-	No
Application	adobe	air	≤ 2.5.1	Yes
Operating System	opensuse	opensuse	11.2	Yes
Operating System	opensuse	opensuse	11.3	Yes
Operating System	opensuse	opensuse	11.4	Yes
Operating System	suse	linux_enterprise	10.0	Yes
Operating System	suse	linux_enterprise	11.0	Yes
Application	google	chrome	< 10.0.648.134	Yes
Operating System	apple	macos	-	No
Operating System	google	chrome_os	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html Broken Link ([email protected])
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/43751 Broken Link ([email protected])
http://secunia.com/advisories/43757 Broken Link ([email protected])
http://secunia.com/advisories/43772 Broken Link ([email protected])
http://secunia.com/advisories/43856 Broken Link ([email protected])
http://securityreason.com/securityalert/8152 Broken Link ([email protected])
http://www.adobe.com/support/security/advisories/apsa11-01.html Vendor Advisory ([email protected])
http://www.adobe.com/support/security/bulletins/apsb11-06.html Not Applicable ([email protected])
http://www.kb.cert.org/vuls/id/192052 Third Party Advisory, US Government Resource ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0372.html Broken Link ([email protected])
http://www.securityfocus.com/bid/46860 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1025210 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1025211 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1025238 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2011/0655 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2011/0656 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2011/0688 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2011/0732 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/66078 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147 Broken Link ([email protected])
http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43751 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43757 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43772 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43856 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/8152 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/advisories/apsa11-01.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/bulletins/apsb11-06.html Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/192052 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0372.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/46860 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1025210 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1025211 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1025238 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0655 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0656 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0688 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0732 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66078 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0609 (134c704f-9b21-4f2e-91b3-4a467353bcc0)