CVE-2011-0611

HIGH KEV

Adobe Flash Player < 10.2.154.27 - Remote Code Execution via Crafted Flash Content

Title source: llm

Exploitation Summary

CVE-2011-0611 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022. EIP tracks 3 public exploits from researchers including Snake, Metasploit, sinn3r, including a Metasploit module exploits/windows/browser/adobe_flashplayer_flash10o.

AI-analyzed exploit summary This exploit targets a type confusion vulnerability in Adobe Reader X to bypass DEP/ASLR and achieve remote code execution. It is designed to work on multiple browsers and specific versions of Adobe Reader.

Description

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Snake · textlocalwindows

https://www.exploit-db.com/exploits/17473

View Code ZIP pw:eip

This exploit targets a type confusion vulnerability in Adobe Reader X to bypass DEP/ASLR and achieve remote code execution. It is designed to work on multiple browsers and specific versions of Adobe Reader.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Adobe Reader X < 10.1

No auth needed

Prerequisites: Adobe Reader X version 10.0.0 or 10.0.1 · Victim interaction to open a malicious PDF file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17175

View Code ZIP pw:eip

This Metasploit module exploits a memory corruption vulnerability in Adobe Flash Player 10.2.153.1 by embedding a malicious SWF file, leading to arbitrary code execution via a crafted pointer overwrite.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player 10.2.153.1

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target must have vulnerable Adobe Flash Player version installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb

View Code ZIP pw:eip

This Metasploit module exploits a memory corruption vulnerability in Adobe Flash Player 10.2.153.1 by embedding a crafted SWF file, leading to arbitrary code execution. It includes heap spraying and ROP techniques for different browser and OS combinations.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Adobe Flash Player 10.2.153.1

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · Java Runtime Environment required for IE 8 targets

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (26)

Core 26

Core References

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/47314

Broken Link, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0922

Broken Link, Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0451.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/66681

Broken Link, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0924

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1025325

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611

Exploit x_refsource_misc

http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html

Broken Link, Vendor Advisory x_refsource_misc

http://secunia.com/blog/210/

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8204

Mailing List, Patch vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html

Broken Link, Vendor Advisory x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb11-07.html

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8292

Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/44149

Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/44141

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/17175

Not Applicable x_refsource_misc

http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx

Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/44119

Broken Link, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/230057

Exploit, Issue Tracking x_refsource_misc

http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html

Broken Link, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0923

Broken Link, Vendor Advisory x_refsource_confirm

http://www.adobe.com/support/security/advisories/apsa11-02.html

Release Notes x_refsource_confirm

http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

Broken Link, Vendor Advisory x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb11-08.html

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1025324

Scores

CVSS v3 8.8

EPSS 0.9348

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-03-03

VulnCheck KEV 2011-04-13

InTheWild.io 2018-10-30

ENISA EUVD EUVD-2011-0629

CWE

CWE-843

Status published

Products (10)

adobe/acrobat 9.0 - 9.4

adobe/acrobat_reader 9.0 - 9.4.4

adobe/adobe_air < 2.6.19140

adobe/flash_player < 10.2.154.27

google/chrome < 10.0.648.205

opensuse/opensuse 11.2

opensuse/opensuse 11.3

opensuse/opensuse 11.4

suse/linux_enterprise_desktop 10 sp4

suse/linux_enterprise_desktop 11 sp1

Published Apr 13, 2011

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026