CVE-2011-0609

Confirmed PUBLISHED

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on...

Adobe · Flash Player
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High

At a Glance

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

metasploit cisa android linux windows macos
CVE Published
Mar 15, 2011
Exploitation Reported
Jun 08, 2022
CVSS
7.8 High
EPSS
Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • SUSE-SR:2011:005 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000...
  • RHSA-2011:0372 redhat.com · Vendor Advisory http://www.redhat.com/support/errata/RHSA-2011-0372.html
  • 43751 secunia.com · Third-Party Advisory http://secunia.com/advisories/43751
  • 43856 secunia.com · Third-Party Advisory http://secunia.com/advisories/43856
  • VU#192052 kb.cert.org · Third-Party Advisory http://www.kb.cert.org/vuls/id/192052
Show 17 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.