CVE-2011-0609

HIGH KEV

Adobe Flash Player AVM Bytecode Verification Vulnerability

Title source: metasploit

Description

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17027
metasploit WORKING POC GOOD
by bannedit, Unknown · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flashplayer_avm.rb

References (23)

... and 3 more

Scores

CVSS v3 7.8
EPSS 0.9208
EPSS Percentile 99.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-08
VulnCheck KEV 2011-03-15
InTheWild.io 2018-10-30
ENISA EUVD EUVD-2011-0627
Status published
Products (14)
adobe/acrobat 10.0
adobe/acrobat 10.0.1
adobe/acrobat 9.0 - 9.4.2
adobe/acrobat_reader 10.0
adobe/acrobat_reader 10.0.1
adobe/acrobat_reader 9.0 - 9.4.2
adobe/air < 2.5.1
adobe/flash_player < 10.2.154.13
google/chrome < 10.0.648.134
opensuse/opensuse 11.2
... and 4 more
Published Mar 15, 2011
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026