CVE-2011-2110

EXPLOITED IN THE WILD

Adobe Flash Player <10.3.181.26-10.3.185.23 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2011-2110 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including Metasploit, including a Metasploit module exploits/windows/browser/adobe_flashplayer_arrayindexing.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in Adobe Flash Player (CVE-2011-2110) by leveraging an AVM2 verification logic flaw to achieve remote code execution. It bypasses ASLR/DEP and is designed to work against multiple browsers and Windows platforms.

Description

Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/19295

This Metasploit module exploits a vulnerability in Adobe Flash Player (CVE-2011-2110) by leveraging an AVM2 verification logic flaw to achieve remote code execution. It bypasses ASLR/DEP and is designed to work against multiple browsers and Windows platforms.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Flash Player <= 10.3.181.23
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Adobe Flash Player must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb

This Metasploit module exploits CVE-2011-2110, a vulnerability in Adobe Flash Player's AVM2 verification logic, allowing arbitrary code execution via unsafe JIT code execution. It bypasses ASLR/DEP and is reliable across multiple browsers and Windows platforms.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player versions 10.3.181.23 and earlier
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Adobe Flash Player must be installed and vulnerable
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14091
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48308
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44950
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16252
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68029
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44941
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0869.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44964
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-166A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025651
Various Sources vendor-advisory x_refsource_suse
https://hermes.opensuse.org/messages/8782873
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb11-18.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44924

Scores

EPSS 0.9150
EPSS Percentile 99.7%

Details

VulnCheck KEV 2011-06-16
InTheWild.io 2018-10-30
CWE
CWE-119
Status published
Products (50)
adobe/flash_player 6.0.21.0
adobe/flash_player 6.0.79
adobe/flash_player 7.0
adobe/flash_player 7.0.1
adobe/flash_player 7.0.14.0
adobe/flash_player 7.0.19.0
adobe/flash_player 7.0.24.0
adobe/flash_player 7.0.25
adobe/flash_player 7.0.53.0
adobe/flash_player 7.0.60.0
... and 40 more
Published Jun 16, 2011
Tracked Since Feb 18, 2026