CVE-2011-0609
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 20, 2011
- Published Date
- March 15, 2011
- Last Updated
- February 04, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
CVSS Scores
CVSS v3.1
7.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2022-06-08 00:00:00 UTC) Source
References
http://www.securityfocus.com/bid/46860
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html
http://www.vupen.com/english/advisories/2011/0732
http://www.adobe.com/support/security/advisories/apsa11-01.html
http://secunia.com/advisories/43751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147
http://www.vupen.com/english/advisories/2011/0656
http://www.securitytracker.com/id?1025211
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/66078
http://www.vupen.com/english/advisories/2011/0655
http://www.securitytracker.com/id?1025210
http://secunia.com/advisories/43856
http://www.kb.cert.org/vuls/id/192052
http://secunia.com/advisories/43772
http://www.adobe.com/support/security/bulletins/apsb11-06.html
http://securityreason.com/securityalert/8152
http://www.securitytracker.com/id?1025238
http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html
http://www.redhat.com/support/errata/RHSA-2011-0372.html
http://secunia.com/advisories/43757
http://www.vupen.com/english/advisories/2011/0688
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-06-08 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flashplayer_avm.rb | 2025-04-29 11:01:30 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
adobe_flashplayer_avm
Type: metasploit • Created: Unknown
Metasploit module for CVE-2011-0609