Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-0611

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

Published

2011-04-13T14:55:01.217

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-843
Type: Secondary
CWE-843

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	flash_player	< 10.2.154.27	Yes
Operating System	apple	mac_os_x	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No
Operating System	oracle	solaris	-	No
Application	adobe	flash_player	≤ 10.2.156.12	Yes
Operating System	google	android	-	No
Application	adobe	acrobat_reader	< 9.4.4	Yes
Application	adobe	acrobat_reader	≤ 10.0.1	Yes
Operating System	microsoft	windows	-	No
Application	adobe	adobe_air	< 2.6.19140	Yes
Application	adobe	acrobat_reader	< 9.4.4	Yes
Application	adobe	acrobat_reader	< 10.0.3	Yes
Operating System	apple	mac_os_x	-	No
Application	adobe	acrobat	< 9.4	Yes
Application	adobe	acrobat	< 10.0.3	Yes
Operating System	apple	mac_os_x	-	No
Operating System	microsoft	windows	-	No
Application	google	chrome	< 10.0.648.205	Yes
Operating System	apple	mac_os_x	-	No
Operating System	google	chrome_os	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No
Operating System	opensuse	opensuse	11.2	Yes
Operating System	opensuse	opensuse	11.3	Yes
Operating System	opensuse	opensuse	11.4	Yes
Operating System	suse	linux_enterprise_desktop	10	Yes
Operating System	suse	linux_enterprise_desktop	11	Yes

References

http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx Not Applicable ([email protected])
http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html Exploit ([email protected])
http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html Exploit, Issue Tracking ([email protected])
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html Release Notes ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html Mailing List, Patch ([email protected])
http://secunia.com/advisories/44119 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/44141 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/44149 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/blog/210/ Broken Link, Vendor Advisory ([email protected])
http://securityreason.com/securityalert/8204 Third Party Advisory ([email protected])
http://securityreason.com/securityalert/8292 Third Party Advisory ([email protected])
http://www.adobe.com/support/security/advisories/apsa11-02.html Broken Link, Vendor Advisory ([email protected])
http://www.adobe.com/support/security/bulletins/apsb11-07.html Broken Link, Vendor Advisory ([email protected])
http://www.adobe.com/support/security/bulletins/apsb11-08.html Broken Link, Vendor Advisory ([email protected])
http://www.exploit-db.com/exploits/17175 Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.kb.cert.org/vuls/id/230057 Broken Link, Third Party Advisory, US Government Resource ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0451.html Broken Link, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/47314 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1025324 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1025325 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2011/0922 Broken Link, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0923 Broken Link, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0924 Broken Link, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/66681 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175 Broken Link ([email protected])
http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/44119 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/44141 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/44149 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/blog/210/ Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/8204 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/8292 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/advisories/apsa11-02.html Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/bulletins/apsb11-07.html Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/bulletins/apsb11-08.html Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/17175 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/230057 Broken Link, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0451.html Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/47314 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1025324 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1025325 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0922 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0923 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0924 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66681 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175 Broken Link (af854a3a-2127-422b-91ae-364da2661108)