Back to KEVs

CVE-2011-0611

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140;...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 20, 2011
Published Date
April 13, 2011
Last Updated
August 06, 2024
Vendor
Adobe
Product
Flash Player
Description
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Tags
windows linux macos android cisa metasploit_scanner

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2022-03-03 00:00:00 UTC) Source

References

http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175 http://www.securityfocus.com/bid/47314 http://secunia.com/blog/210/ http://securityreason.com/securityalert/8204 http://www.vupen.com/english/advisories/2011/0922 http://www.redhat.com/support/errata/RHSA-2011-0451.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html http://www.adobe.com/support/security/bulletins/apsb11-07.html http://securityreason.com/securityalert/8292 http://secunia.com/advisories/44149 http://secunia.com/advisories/44141 https://exchange.xforce.ibmcloud.com/vulnerabilities/66681 http://www.vupen.com/english/advisories/2011/0924 http://www.securitytracker.com/id?1025325 http://www.exploit-db.com/exploits/17175 http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx http://secunia.com/advisories/44119 http://www.kb.cert.org/vuls/id/230057 http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html http://www.vupen.com/english/advisories/2011/0923 http://www.adobe.com/support/security/advisories/apsa11-02.html http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html http://www.adobe.com/support/security/bulletins/apsb11-08.html http://www.securitytracker.com/id?1025324

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-03-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb 2025-04-29 11:01:30 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

adobe_flashplayer_flash10o

Type: metasploit • Created: Unknown

Metasploit module for CVE-2011-0611

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit