CVE-2011-0627

HIGH EXPLOITED IN THE WILD

Adobe Flash Player < 10.3.181.14 - Remote Code Execution via Crafted Flash Content

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2011-0627 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16053
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13914
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb11-12.html

Scores

CVSS v3 8.8
EPSS 0.0507
EPSS Percentile 91.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2011-05-12
InTheWild.io 2018-10-30
CWE
CWE-20
Status published
Products (50)
adobe/flash_player 6.0.21.0
adobe/flash_player 6.0.79
adobe/flash_player 7.0
adobe/flash_player 7.0.1
adobe/flash_player 7.0.14.0
adobe/flash_player 7.0.19.0
adobe/flash_player 7.0.24.0
adobe/flash_player 7.0.25
adobe/flash_player 7.0.53.0
adobe/flash_player 7.0.60.0
... and 40 more
Published May 13, 2011
Tracked Since Feb 18, 2026