CVE-2011-0609

HIGH KEV

Adobe Flash Player AVM Bytecode Verification Vulnerability

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2011-0609 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022. EIP tracks 2 public exploits from researchers including Metasploit, bannedit, Unknown, including a Metasploit module exploits/windows/browser/adobe_flashplayer_avm.

AI-analyzed exploit summary This Metasploit module exploits a bytecode verification vulnerability in Adobe Flash Player (CVE-2011-0609) by leveraging heap spraying to execute arbitrary code. It delivers a malformed SWF file via an HTML page with embedded JavaScript to trigger the vulnerability.

Description

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17027

This Metasploit module exploits a bytecode verification vulnerability in Adobe Flash Player (CVE-2011-0609) by leveraging heap spraying to execute arbitrary code. It delivers a malformed SWF file via an HTML page with embedded JavaScript to trigger the vulnerability.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player 9.0 through 10
No auth needed
Prerequisites: Target must visit a malicious webpage · Adobe Flash Player 9.0-10 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by bannedit, Unknown · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flashplayer_avm.rb

This Metasploit module exploits CVE-2011-0609, a vulnerability in Adobe Flash Player's AVM2 bytecode verification logic, leading to unsafe JIT code execution. It leverages heap spraying and uninitialized memory references to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player versions 10.2.152.33 and earlier
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Flash Player must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (23)

Core 23
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46860
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0732
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43751
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0656
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025211
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66078
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0655
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025210
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43856
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/192052
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43772
Broken Link third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8152
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025238
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0372.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43757
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0688

Scores

CVSS v3 7.8
EPSS 0.9208
EPSS Percentile 99.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-06-08
VulnCheck KEV 2011-03-15
InTheWild.io 2018-10-30
ENISA EUVD EUVD-2011-0627
Status published
Products (14)
adobe/acrobat 10.0
adobe/acrobat 10.0.1
adobe/acrobat 9.0 - 9.4.2
adobe/acrobat_reader 10.0
adobe/acrobat_reader 10.0.1
adobe/acrobat_reader 9.0 - 9.4.2
adobe/air < 2.5.1
adobe/flash_player < 10.2.154.13
google/chrome < 10.0.648.134
opensuse/opensuse 11.2
... and 4 more
Published Mar 15, 2011
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026