Vulnerability-Lookup

CVE-2011-0611 (GCVE-0-2011-0611)

Vulnerability from cvelistv5 – Published: 2011-04-13 14:00 – Updated: 2025-10-22 00:05

Summary

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

adobe

References

URL

Tags

	http://bugix-security.blogspot.com/2011/04/cve-20…	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/47314	vdb-entryx_refsource_BID
	http://secunia.com/blog/210/	x_refsource_MISC
	http://securityreason.com/securityalert/8204	third-party-advisoryx_refsource_SREASON
	http://www.vupen.com/english/advisories/2011/0922	vdb-entryx_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2011-04…	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://securityreason.com/securityalert/8292	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/44149	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/44141	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2011/0924	vdb-entryx_refsource_VUPEN
	http://www.securitytracker.com/id?1025325	vdb-entryx_refsource_SECTRACK
	http://www.exploit-db.com/exploits/17175	exploitx_refsource_EXPLOIT-DB
	http://blogs.technet.com/b/mmpc/archive/2011/04/1…	x_refsource_MISC
	http://secunia.com/advisories/44119	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/230057	third-party-advisoryx_refsource_CERT-VN
	http://contagiodump.blogspot.com/2011/04/apr-8-cv…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2011/0923	vdb-entryx_refsource_VUPEN
	http://www.adobe.com/support/security/advisories/…	x_refsource_CONFIRM
	http://googlechromereleases.blogspot.com/2011/04/…	x_refsource_CONFIRM
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1025324	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flash_player",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.2.154.27",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "air",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "2.6.19140",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "reader",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "9.4.4",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:reader:10.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "reader",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.0.3",
                "status": "affected",
                "version": "10.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "acrobat",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.0.3",
                "status": "affected",
                "version": "10.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "acrobat",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "9.4.4",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2011-0611",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-02T14:05:34.031031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:49.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00.000Z",
            "value": "CVE-2011-0611 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:26.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14175",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
          },
          {
            "name": "47314",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47314"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/blog/210/"
          },
          {
            "name": "8204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8204"
          },
          {
            "name": "ADV-2011-0922",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0922"
          },
          {
            "name": "RHSA-2011:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
          },
          {
            "name": "SUSE-SA:2011:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
          },
          {
            "name": "8292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8292"
          },
          {
            "name": "44149",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44149"
          },
          {
            "name": "44141",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44141"
          },
          {
            "name": "adobe-flash-swf-doc-ce(66681)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
          },
          {
            "name": "ADV-2011-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0924"
          },
          {
            "name": "1025325",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025325"
          },
          {
            "name": "17175",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17175"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
          },
          {
            "name": "44119",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44119"
          },
          {
            "name": "VU#230057",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/230057"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
          },
          {
            "name": "ADV-2011-0923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0923"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
          },
          {
            "name": "1025324",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025324"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14175",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
        },
        {
          "name": "47314",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47314"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/blog/210/"
        },
        {
          "name": "8204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8204"
        },
        {
          "name": "ADV-2011-0922",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0922"
        },
        {
          "name": "RHSA-2011:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
        },
        {
          "name": "SUSE-SA:2011:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
        },
        {
          "name": "8292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8292"
        },
        {
          "name": "44149",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44149"
        },
        {
          "name": "44141",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44141"
        },
        {
          "name": "adobe-flash-swf-doc-ce(66681)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
        },
        {
          "name": "ADV-2011-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0924"
        },
        {
          "name": "1025325",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025325"
        },
        {
          "name": "17175",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17175"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
        },
        {
          "name": "44119",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44119"
        },
        {
          "name": "VU#230057",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/230057"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
        },
        {
          "name": "ADV-2011-0923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0923"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
        },
        {
          "name": "1025324",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025324"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2011-0611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html",
              "refsource": "MISC",
              "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14175",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
            },
            {
              "name": "47314",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47314"
            },
            {
              "name": "http://secunia.com/blog/210/",
              "refsource": "MISC",
              "url": "http://secunia.com/blog/210/"
            },
            {
              "name": "8204",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8204"
            },
            {
              "name": "ADV-2011-0922",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0922"
            },
            {
              "name": "RHSA-2011:0451",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
            },
            {
              "name": "SUSE-SA:2011:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-07.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
            },
            {
              "name": "8292",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8292"
            },
            {
              "name": "44149",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44149"
            },
            {
              "name": "44141",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44141"
            },
            {
              "name": "adobe-flash-swf-doc-ce(66681)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
            },
            {
              "name": "ADV-2011-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0924"
            },
            {
              "name": "1025325",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025325"
            },
            {
              "name": "17175",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17175"
            },
            {
              "name": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
            },
            {
              "name": "44119",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44119"
            },
            {
              "name": "VU#230057",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/230057"
            },
            {
              "name": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html",
              "refsource": "MISC",
              "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
            },
            {
              "name": "ADV-2011-0923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0923"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa11-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-08.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
            },
            {
              "name": "1025324",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025324"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2011-0611",
    "datePublished": "2011-04-13T14:00:00.000Z",
    "dateReserved": "2011-01-20T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:49.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2011-0611",
      "cwes": "[\"CWE-843\"]",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-0611",
      "product": "Flash Player",
      "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "shortDescription": "Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Flash Player Remote Code Execution Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175\", \"name\": \"oval:org.mitre.oval:def:14175\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/47314\", \"name\": \"47314\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/blog/210/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://securityreason.com/securityalert/8204\", \"name\": \"8204\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0922\", \"name\": \"ADV-2011-0922\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0451.html\", \"name\": \"RHSA-2011:0451\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html\", \"name\": \"SUSE-SA:2011:018\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-07.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://securityreason.com/securityalert/8292\", \"name\": \"8292\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/44149\", \"name\": \"44149\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/44141\", \"name\": \"44141\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66681\", \"name\": \"adobe-flash-swf-doc-ce(66681)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0924\", \"name\": \"ADV-2011-0924\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1025325\", \"name\": \"1025325\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.exploit-db.com/exploits/17175\", \"name\": \"17175\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/44119\", \"name\": \"44119\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/230057\", \"name\": \"VU#230057\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0923\", \"name\": \"ADV-2011-0923\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa11-02.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-08.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1025324\", \"name\": \"1025324\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T21:58:26.000Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2011-0611\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-02T14:05:34.031031Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"flash_player\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.2.154.27\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"air\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.6.19140\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"reader\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:reader:10.0:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"reader\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.0.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"acrobat\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.0.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"acrobat\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-03T00:00:00.000Z\", \"value\": \"CVE-2011-0611 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-19T17:13:08.969Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2011-04-11T00:00:00.000Z\", \"references\": [{\"url\": \"http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175\", \"name\": \"oval:org.mitre.oval:def:14175\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.securityfocus.com/bid/47314\", \"name\": \"47314\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://secunia.com/blog/210/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://securityreason.com/securityalert/8204\", \"name\": \"8204\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0922\", \"name\": \"ADV-2011-0922\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0451.html\", \"name\": \"RHSA-2011:0451\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html\", \"name\": \"SUSE-SA:2011:018\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-07.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://securityreason.com/securityalert/8292\", \"name\": \"8292\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\"]}, {\"url\": \"http://secunia.com/advisories/44149\", \"name\": \"44149\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://secunia.com/advisories/44141\", \"name\": \"44141\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66681\", \"name\": \"adobe-flash-swf-doc-ce(66681)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0924\", \"name\": \"ADV-2011-0924\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://www.securitytracker.com/id?1025325\", \"name\": \"1025325\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.exploit-db.com/exploits/17175\", \"name\": \"17175\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://secunia.com/advisories/44119\", \"name\": \"44119\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/230057\", \"name\": \"VU#230057\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0923\", \"name\": \"ADV-2011-0923\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa11-02.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-08.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id?1025324\", \"name\": \"1025324\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \\\"group of included constants,\\\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2017-09-18T12:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html\", \"name\": \"http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175\", \"name\": \"oval:org.mitre.oval:def:14175\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.securityfocus.com/bid/47314\", \"name\": \"47314\", \"refsource\": \"BID\"}, {\"url\": \"http://secunia.com/blog/210/\", \"name\": \"http://secunia.com/blog/210/\", \"refsource\": \"MISC\"}, {\"url\": \"http://securityreason.com/securityalert/8204\", \"name\": \"8204\", \"refsource\": \"SREASON\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0922\", \"name\": \"ADV-2011-0922\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0451.html\", \"name\": \"RHSA-2011:0451\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html\", \"name\": \"SUSE-SA:2011:018\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-07.html\", \"name\": \"http://www.adobe.com/support/security/bulletins/apsb11-07.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://securityreason.com/securityalert/8292\", \"name\": \"8292\", \"refsource\": \"SREASON\"}, {\"url\": \"http://secunia.com/advisories/44149\", \"name\": \"44149\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://secunia.com/advisories/44141\", \"name\": \"44141\", \"refsource\": \"SECUNIA\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66681\", \"name\": \"adobe-flash-swf-doc-ce(66681)\", \"refsource\": \"XF\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0924\", \"name\": \"ADV-2011-0924\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://www.securitytracker.com/id?1025325\", \"name\": \"1025325\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.exploit-db.com/exploits/17175\", \"name\": \"17175\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx\", \"name\": \"http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx\", \"refsource\": \"MISC\"}, {\"url\": \"http://secunia.com/advisories/44119\", \"name\": \"44119\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/230057\", \"name\": \"VU#230057\", \"refsource\": \"CERT-VN\"}, {\"url\": \"http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html\", \"name\": \"http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0923\", \"name\": \"ADV-2011-0923\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa11-02.html\", \"name\": \"http://www.adobe.com/support/security/advisories/apsa11-02.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\", \"name\": \"http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-08.html\", \"name\": \"http://www.adobe.com/support/security/bulletins/apsb11-08.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id?1025324\", \"name\": \"1025324\", \"refsource\": \"SECTRACK\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \\\"group of included constants,\\\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2011-0611\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@adobe.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2011-0611\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:49.821Z\", \"dateReserved\": \"2011-01-20T00:00:00.000Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2011-04-13T14:00:00.000Z\", \"assignerShortName\": \"adobe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2011-0611

Vulnerability from fkie_nvd - Published: 2011-04-13 14:55 - Updated: 2025-10-22 01:15

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@adobe.com	http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx	Not Applicable
psirt@adobe.com	http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html	Exploit
psirt@adobe.com	http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html	Exploit, Issue Tracking
psirt@adobe.com	http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html	Release Notes
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html	Mailing List, Patch
psirt@adobe.com	http://secunia.com/advisories/44119	Broken Link, Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/44141	Broken Link, Vendor Advisory
psirt@adobe.com	http://secunia.com/advisories/44149	Broken Link, Vendor Advisory
psirt@adobe.com	http://secunia.com/blog/210/	Broken Link, Vendor Advisory
psirt@adobe.com	http://securityreason.com/securityalert/8204	Third Party Advisory
psirt@adobe.com	http://securityreason.com/securityalert/8292	Third Party Advisory
psirt@adobe.com	http://www.adobe.com/support/security/advisories/apsa11-02.html	Broken Link, Vendor Advisory
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb11-07.html	Broken Link, Vendor Advisory
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb11-08.html	Broken Link, Vendor Advisory
psirt@adobe.com	http://www.exploit-db.com/exploits/17175	Exploit, Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.kb.cert.org/vuls/id/230057	Broken Link, Third Party Advisory, US Government Resource
psirt@adobe.com	http://www.redhat.com/support/errata/RHSA-2011-0451.html	Broken Link, Vendor Advisory
psirt@adobe.com	http://www.securityfocus.com/bid/47314	Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.securitytracker.com/id?1025324	Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.securitytracker.com/id?1025325	Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.vupen.com/english/advisories/2011/0922	Broken Link, Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2011/0923	Broken Link, Vendor Advisory
psirt@adobe.com	http://www.vupen.com/english/advisories/2011/0924	Broken Link, Vendor Advisory
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/66681	Third Party Advisory, VDB Entry
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html	Release Notes
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44119	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44141	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44149	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/blog/210/	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8204	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8292	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa11-02.html	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb11-07.html	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb11-08.html	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/17175	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/230057	Broken Link, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0451.html	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47314	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025324	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025325	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0922	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0923	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0924	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66681	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175	Broken Link
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611

Impacted products

Vendor	Product	Version
adobe	flash_player	*
apple	mac_os_x	-
linux	linux_kernel	-
microsoft	windows	-
oracle	solaris	-
adobe	flash_player	*
google	android	-
adobe	acrobat_reader	*
adobe	acrobat_reader	*
microsoft	windows	-
adobe	adobe_air	*
adobe	acrobat_reader	*
adobe	acrobat_reader	*
apple	mac_os_x	-
adobe	acrobat	*
adobe	acrobat	*
apple	mac_os_x	-
microsoft	windows	-
google	chrome	*
apple	mac_os_x	-
google	chrome_os	-
linux	linux_kernel	-
microsoft	windows	-
opensuse	opensuse	11.2
opensuse	opensuse	11.3
opensuse	opensuse	11.4
suse	linux_enterprise_desktop	10
suse	linux_enterprise_desktop	11

JSON

To clipboard

{
  "cisaActionDue": "2022-03-24",
  "cisaExploitAdd": "2022-03-03",
  "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
  "cisaVulnerabilityName": "Adobe Flash Player Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4E1BEC-9158-405E-BCD1-0D354FFFC141",
              "versionEndExcluding": "10.2.154.27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059035-6EA4-4D6F-800C-CEB9D394B933",
              "versionEndIncluding": "10.2.156.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A97142-27DF-46DD-9708-1CA202B7565C",
              "versionEndExcluding": "9.4.4",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43ADEFB3-9252-48C1-A6D5-BD2EE48A0E56",
              "versionEndIncluding": "10.0.1",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A80E525-2533-4598-8EB5-60A73D2F9253",
              "versionEndExcluding": "2.6.19140",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A97142-27DF-46DD-9708-1CA202B7565C",
              "versionEndExcluding": "9.4.4",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "595EBFC6-533E-4D91-B84D-D16A27E1BD0A",
              "versionEndExcluding": "10.0.3",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC4A665-19CA-495D-A00F-6B42EA627E0F",
              "versionEndExcluding": "9.4",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "705D34AF-DF94-4834-AE15-0E31E78AF60C",
              "versionEndExcluding": "10.0.3",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4680B8-AC49-4E3C-8642-31BF8A60A327",
              "versionEndExcluding": "10.0.648.205",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player anterior a la versi\u00f3n 10.2.154.27 en Windows, Mac OS X, Linux y Solaris y 10.2.156.12 y versiones anteriores en Android; Adobe AIR anterior a versi\u00f3n 2.6.19140; y Authplay.dll (tambi\u00e9n se conoce como AuthPlayLib.bundle) en Adobe Reader versi\u00f3n  9.x anterior a 9.4.4 y versi\u00f3n  10.x hasta 10.0.1 en Windows, Adobe Reader versi\u00f3n  9.x anterior a 9.4.4 y versi\u00f3n 10.x anterior a 10.0.3 en Mac OS X y Adobe Acrobat versi\u00f3n 9.x anterior a 9.4.4 y versi\u00f3n  10.x anterior a 10.0.3 en Windows y Mac OS X permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio del contenido Flash creado; como lo demuestra un documento de Microsoft Office con un archivo.swf insertado que tiene una inconsistencia de tama\u00f1o en un \"group of included constants\", objeto de type confusion, ActionScript que agrega funciones personalizadas a los prototipos y date objects; y como explotados en la naturaleza en abril de 2011."
    }
  ],
  "id": "CVE-2011-0611",
  "lastModified": "2025-10-22T01:15:40.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2011-04-13T14:55:01.217",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Release Notes"
      ],
      "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44119"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44141"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44149"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/blog/210/"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8204"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8292"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/17175"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/230057"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/47314"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1025324"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1025325"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0922"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0923"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0924"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/blog/210/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/17175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/230057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/47314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1025324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1025325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTA-2012-AVI-241

Vulnerability from certfr_avis - Published: 2012-05-02 - Updated: 2012-05-02

De multiples vulnérabilités ont été corrigées dans HP SIM (Systems Insight Manager). Trois systèmes d'exploitation sont concernés, HP-UX, Linux et Windows. Les vulnérabilités sont de différentes natures, exécution de code arbitraire à distance, accès non autorisés, injection de requêtes illégitimes par rebond (CSRF), redirection d'URL, contournement d'authentification et déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP-UX.B.11.23 ;
	N/A	N/A	HP-UX.B.11.31.

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03298151 du 30 avril 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP-UX.B.11.23 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX.B.11.31.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2134"
    },
    {
      "name": "CVE-2010-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
    },
    {
      "name": "CVE-2011-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2135"
    },
    {
      "name": "CVE-2011-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3558"
    },
    {
      "name": "CVE-2012-1994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1994"
    },
    {
      "name": "CVE-2010-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4470"
    },
    {
      "name": "CVE-2011-3556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3556"
    },
    {
      "name": "CVE-2012-1999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1999"
    },
    {
      "name": "CVE-2012-1995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1995"
    },
    {
      "name": "CVE-2011-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2414"
    },
    {
      "name": "CVE-2011-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0864"
    },
    {
      "name": "CVE-2011-0868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0868"
    },
    {
      "name": "CVE-2011-2456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2456"
    },
    {
      "name": "CVE-2011-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2450"
    },
    {
      "name": "CVE-2011-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0611"
    },
    {
      "name": "CVE-2011-2429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2429"
    },
    {
      "name": "CVE-2011-2430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2430"
    },
    {
      "name": "CVE-2011-2415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2415"
    },
    {
      "name": "CVE-2011-2426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2426"
    },
    {
      "name": "CVE-2011-0866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0866"
    },
    {
      "name": "CVE-2011-2137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2137"
    },
    {
      "name": "CVE-2011-2458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2458"
    },
    {
      "name": "CVE-2011-2140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2140"
    },
    {
      "name": "CVE-2011-2425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2425"
    },
    {
      "name": "CVE-2011-2457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2457"
    },
    {
      "name": "CVE-2011-0871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0871"
    },
    {
      "name": "CVE-2011-2461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2461"
    },
    {
      "name": "CVE-2011-0786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0786"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2011-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0802"
    },
    {
      "name": "CVE-2011-2459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2459"
    },
    {
      "name": "CVE-2010-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
    },
    {
      "name": "CVE-2011-2092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2092"
    },
    {
      "name": "CVE-2012-1996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1996"
    },
    {
      "name": "CVE-2011-2427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2427"
    },
    {
      "name": "CVE-2011-2428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2428"
    },
    {
      "name": "CVE-2011-0862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0862"
    },
    {
      "name": "CVE-2011-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2139"
    },
    {
      "name": "CVE-2011-2138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2138"
    },
    {
      "name": "CVE-2011-2451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2451"
    },
    {
      "name": "CVE-2011-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2136"
    },
    {
      "name": "CVE-2011-0865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0865"
    },
    {
      "name": "CVE-2011-2460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2460"
    },
    {
      "name": "CVE-2011-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2416"
    },
    {
      "name": "CVE-2011-0815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0815"
    },
    {
      "name": "CVE-2011-0817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0817"
    },
    {
      "name": "CVE-2011-0863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0863"
    },
    {
      "name": "CVE-2011-0873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0873"
    },
    {
      "name": "CVE-2011-0814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0814"
    },
    {
      "name": "CVE-2011-0788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0788"
    },
    {
      "name": "CVE-2011-0869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0869"
    },
    {
      "name": "CVE-2011-2130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2130"
    },
    {
      "name": "CVE-2012-1997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1997"
    },
    {
      "name": "CVE-2011-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3557"
    },
    {
      "name": "CVE-2011-2453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2453"
    },
    {
      "name": "CVE-2011-0867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0867"
    },
    {
      "name": "CVE-2011-2093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2093"
    },
    {
      "name": "CVE-2011-2452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2452"
    },
    {
      "name": "CVE-2011-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2454"
    },
    {
      "name": "CVE-2011-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2455"
    },
    {
      "name": "CVE-2011-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2417"
    },
    {
      "name": "CVE-2011-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2445"
    },
    {
      "name": "CVE-2011-0872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0872"
    },
    {
      "name": "CVE-2012-1998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1998"
    },
    {
      "name": "CVE-2011-2444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2444"
    }
  ],
  "initial_release_date": "2012-05-02T00:00:00",
  "last_revision_date": "2012-05-02T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-241",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP SIM (Systems Insight Manager)\u003c/span\u003e. Trois syst\u00e8mes\nd\u0027exploitation sont concern\u00e9s, HP-UX, Linux et Windows. Les\nvuln\u00e9rabilit\u00e9s sont de diff\u00e9rentes natures, ex\u00e9cution de code arbitraire\n\u00e0 distance, acc\u00e8s non autoris\u00e9s, injection de requ\u00eates ill\u00e9gitimes par\nrebond (CSRF), redirection d\u0027URL, contournement d\u0027authentification et\nd\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP SIM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03298151 du 30 avril 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151"
    }
  ]
}

CERTA-2011-AVI-250

Vulnerability from certfr_avis - Published: 2011-04-22 - Updated: 2011-04-22

Une vulnérabilité a été corrigée dans Reader et Acrobat permettant à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Des produits Adobe sont vulnérables à une faille permettant à une personne malintentionnée d'exécuter du code arbitraire à distance. La version 10.0.2 pour Windows n'a pas de correctif à ce jour. Cependant l'éditeur affirme que le mode protégé d'Adobe Reader X évite l'exploitation de la faille CVE-2011-0611.

Cette vulnérabilité fait l'objet de l'alerte CERTA-2011-ALE-003 (cf. Documentation).

Solution

Les versions suivantes corrigent le problème :

Adobe Reader 9.4.4 pour les systèmes Windows et Macintosh ;
Adobe Reader X (10.0.3) pour les systèmes Macintosh.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	Acrobat	Adobe Reader et Acrobat versions 10.0.2 et antérieures pour les systèmes Macintosh.
	Adobe	Acrobat	Adobe Reader et Acrobat versions 9.4.3 et antérieures pour les systèmes Windows et Macintosh ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB11-08 du 21 avril 2011	None	vendor-advisory
Document du CERTA CERTA-2011-ALE-003 du 19 avril 2011 :	-	other
Bulletin de sécurité Adobe apsb11-08 du 21 avril 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Reader et Acrobat versions 10.0.2 et ant\u00e9rieures pour les syst\u00e8mes Macintosh.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Reader et Acrobat versions 9.4.3 et ant\u00e9rieures pour les syst\u00e8mes Windows et Macintosh ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes produits Adobe sont vuln\u00e9rables \u00e0 une faille permettant \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance. La\nversion 10.0.2 pour Windows n\u0027a pas de correctif \u00e0 ce jour. Cependant\nl\u0027\u00e9diteur affirme que le mode prot\u00e9g\u00e9 d\u0027Adobe Reader X \u00e9vite\nl\u0027exploitation de la faille CVE-2011-0611.\n\nCette vuln\u00e9rabilit\u00e9 fait l\u0027objet de l\u0027alerte CERTA-2011-ALE-003 (cf.\nDocumentation).\n\n## Solution\n\nLes versions suivantes corrigent le probl\u00e8me :\n\n-   Adobe Reader 9.4.4 pour les syst\u00e8mes Windows et Macintosh\u00a0;\n-   Adobe Reader X (10.0.3) pour les syst\u00e8mes Macintosh.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0610"
    },
    {
      "name": "CVE-2011-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0611"
    }
  ],
  "initial_release_date": "2011-04-22T00:00:00",
  "last_revision_date": "2011-04-22T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2011-ALE-003 du 19 avril 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-ALE-003/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb11-08 du 21 avril 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
    }
  ],
  "reference": "CERTA-2011-AVI-250",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Reader et Acrobat permettant \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Reader et Acrobat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-08 du 21 avril 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-234

Vulnerability from certfr_avis - Published: 2011-04-19 - Updated: 2011-04-19

Une vulnérabilité permettant l'exécution de code arbitraire à distance affecte des produits Adobe.

Description

Des produits Adobe sont vulnérables à une faille permettant à une personne malintentionnée d'exécuter du code arbitraire à distance.

L'éditeur rapporte que cette vulnérabilité est actuellement exploitée sur l'Internet, en particulier via des documents Microsoft Word spécialement conçus. Elle a d'ailleurs fait l'objet de l'alerte CERTA-2011-ALE-003 (cf. Documentation).

Solution

les versions suivantes corrigent le problème :

Adobe Flash Player version 10.2.159.1 ;
Adobe Flash Player dans Google Chrome version 10.2.154.27 soit Google Chrome 10.0.648.205 ;
Adobe AIR 2.6.19140.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player 10.1.156.12 et antérieures sur les systèmes Android ;
Adobe	N/A	Adobe Flash Player 10.2.154.25 et antérieures pour les utilisateurs de Chrome ;
Adobe	Acrobat	le composant authplay.dll contenu dans les versions 10.0.2 et antérieures de Adobe Acrobat et Reader pour les systèmes Windows et Macintosh.
Adobe	N/A	Adobe versions AIR 2.6.19120 et antérieures ;
Adobe	N/A	Adobe Flash Player 10.2.153.1 et antérieures sur les systèmes Microsoft Windows, Linux et Oracle Solaris ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB11-07 du 15 avril 2011	None	vendor-advisory
Bulletin de sécurité Adobe apsb11-07 du 15 avril 2011 :	-	other
Document du CERTA CERTA-2011-ALE-003 du 19 avril 2011 :	-	other
Notes de version Google Chrome :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.1.156.12 et ant\u00e9rieures sur les syst\u00e8mes Android ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.154.25 et ant\u00e9rieures pour les utilisateurs de Chrome ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "le composant authplay.dll contenu dans les versions 10.0.2 et ant\u00e9rieures de Adobe Acrobat et Reader pour les syst\u00e8mes Windows et Macintosh.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe versions AIR 2.6.19120 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.153.1 et ant\u00e9rieures sur les syst\u00e8mes Microsoft Windows, Linux et Oracle Solaris ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes produits Adobe sont vuln\u00e9rables \u00e0 une faille permettant \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur rapporte que cette vuln\u00e9rabilit\u00e9 est actuellement exploit\u00e9e\nsur l\u0027Internet, en particulier via des documents Microsoft Word\nsp\u00e9cialement con\u00e7us. Elle a d\u0027ailleurs fait l\u0027objet de l\u0027alerte\nCERTA-2011-ALE-003 (cf. Documentation).\n\n## Solution\n\nles versions suivantes corrigent le probl\u00e8me :\n\n-   Adobe Flash Player version 10.2.159.1 ;\n-   Adobe Flash Player dans Google Chrome version 10.2.154.27 soit\n    Google Chrome 10.0.648.205 ;\n-   Adobe AIR 2.6.19140.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0611"
    }
  ],
  "initial_release_date": "2011-04-19T00:00:00",
  "last_revision_date": "2011-04-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb11-07 du 15 avril 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
    },
    {
      "title": "Document du CERTA CERTA-2011-ALE-003 du 19 avril 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-ALE-003/index.html"
    },
    {
      "title": "Notes de version Google Chrome :",
      "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
    }
  ],
  "reference": "CERTA-2011-AVI-234",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\naffecte des produits Adobe.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-07 du 15 avril 2011",
      "url": null
    }
  ]
}

CERTA-2011-ALE-003

Vulnerability from certfr_alerte - Published: 2011-04-12 - Updated: 2011-06-20

Une vulnérabilité permettant l'exécution de code arbitraire à distance affecte des produits Adobe. Elle est actuellement activement exploitée. L'éditeur a publié les correctifs pour toutes les versions concernées.

Description

Des produits Adobe sont vulnérables à une faille permettant à une personne malintentionnée d'exécuter du code arbitraire à distance.

L'éditeur rapporte que cette vulnérabilité est actuellement exploitée sur l'Internet, en particulier via des documents Microsoft Word spécialement conçus.

Mise à jour du 14 avril 2011 : l'éditeur annonce les dates de mise à disposition de correctifs suivantes :

15 avril 2011 pour Adobe Flash Player 10.2.x (tous les systèmes d'exploitation) ;
semaine du 25 avril 2011 pour Adobe Reader 9.x, pour Windows et MacOS ;
semaine du 25 avril pour Adobe Reader X (10.0.1) pour MacOS ;
14 juin 2011 pour Adobe Reader X (10.0.2) pour Windows.

Contournement provisoire

Il est possible de supprimer ou interdire l'accès à la DLL authplay.dll. Le Protected Mode inclus dans Adobe Reader X réduit les risques d'exploitation de la vulnérabilité.

Il est également recommandé d'utiliser un logiciel alternatif et à jour en attendant la publication du correctif.

Solution

Se référer aux bulletins de sécurité APSB11-07 et APSB11-16 (APSB11-16 inclut les corrections pour les vulnérabilités décrites dans les bulletins APSB11-06 et APSB11-08) de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat	le composant authplay.dll contenu dans les versions 10.0.2 et antérieures de Adobe Acrobat et Reader pour les systèmes Windows et Macintosh.
Adobe	Acrobat	Adobe Flash Player 10.2.154.25 et antérieures pour les utilisateurs de Chrome ;
Adobe	Acrobat	Adobe Flash Player 10.2.153.1 et antérieures sur les systèmes Microsoft Windows, Linux et Oracle Solaris ;
Adobe	Acrobat	Adobe AIR versions 2.6.19120 et antérieures ;
Adobe	Acrobat	Adobe Flash Player 10.1.156.12 et antérieures sur les systèmes Android ;

References

Title

Publication Time

Tags

Alerte de sécurité Adobe APSA11-02 du 11 avril 2011	None	vendor-advisory
Bulletin de sécurité Adobe APSB11-07 du 15 avril 2011 :	-	other
Avis de sécurité du CERTA CERTA-2011-AVI-342 du 15 juin 2011 :	-	other
Bulletin de sécurité Adobe APSB11-16 du 14 juin 2011 :	-	other
Avis de sécurité du CERTA CERTA-2011-AVI-250 du 22 avril 2011 :	-	other
Avis de sécurité du CERTA CERTA-2011-AVI-234 du 19 avril 2011 :	-	other
Notes de version Google Chrome :	-	other
Bulletin de sécurité Adobe APSB11-08 du 21 avril 2011 :	-	other
Bulletin d'alerte Adobe APSA11-02 du 11 avril 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "le composant authplay.dll contenu dans les versions 10.0.2 et ant\u00e9rieures de Adobe Acrobat et Reader pour les syst\u00e8mes Windows et Macintosh.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.154.25 et ant\u00e9rieures pour les utilisateurs de Chrome ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.153.1 et ant\u00e9rieures sur les syst\u00e8mes Microsoft Windows, Linux et Oracle Solaris ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe AIR versions 2.6.19120 et ant\u00e9rieures ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.1.156.12 et ant\u00e9rieures sur les syst\u00e8mes Android ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2011-06-20",
  "content": "## Description\n\nDes produits Adobe sont vuln\u00e9rables \u00e0 une faille permettant \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur rapporte que cette vuln\u00e9rabilit\u00e9 est actuellement exploit\u00e9e\nsur l\u0027Internet, en particulier via des documents Microsoft Word\nsp\u00e9cialement con\u00e7us.\n\n  \n  \n\n\u003cspan class=\"textbf\"\u003eMise \u00e0 jour du 14 avril 2011\u003c/span\u003e\u00a0: l\u0027\u00e9diteur\nannonce les dates de mise \u00e0 disposition de correctifs suivantes\u00a0:\n\n-   15 avril 2011 pour Adobe Flash Player 10.2.x (tous les syst\u00e8mes\n    d\u0027exploitation)\u00a0;\n-   semaine du 25 avril 2011 pour Adobe Reader 9.x, pour Windows et\n    MacOS\u00a0;\n-   semaine du 25 avril pour Adobe Reader X (10.0.1) pour MacOS\u00a0;\n-   14 juin 2011 pour Adobe Reader X (10.0.2) pour Windows.\n\n## Contournement provisoire\n\nIl est possible de supprimer ou interdire l\u0027acc\u00e8s \u00e0 la DLL authplay.dll.\nLe Protected Mode inclus dans Adobe Reader X r\u00e9duit les risques\nd\u0027exploitation de la vuln\u00e9rabilit\u00e9.\n\nIl est \u00e9galement recommand\u00e9 d\u0027utiliser un logiciel alternatif et \u00e0 jour\nen attendant la publication du correctif.  \n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 APSB11-07 et APSB11-16 (APSB11-16\ninclut les corrections pour les vuln\u00e9rabilit\u00e9s d\u00e9crites dans les\nbulletins APSB11-06 et APSB11-08) de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2097"
    },
    {
      "name": "CVE-2011-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0610"
    },
    {
      "name": "CVE-2011-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0611"
    },
    {
      "name": "CVE-2011-2096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2096"
    },
    {
      "name": "CVE-2011-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2105"
    },
    {
      "name": "CVE-2011-2102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2102"
    },
    {
      "name": "CVE-2011-2100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2100"
    },
    {
      "name": "CVE-2011-2104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2104"
    },
    {
      "name": "CVE-2011-2103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2103"
    },
    {
      "name": "CVE-2011-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2106"
    },
    {
      "name": "CVE-2011-2101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2101"
    },
    {
      "name": "CVE-2011-2098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2098"
    },
    {
      "name": "CVE-2011-2099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2099"
    },
    {
      "name": "CVE-2011-2094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2094"
    },
    {
      "name": "CVE-2011-2095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2095"
    }
  ],
  "initial_release_date": "2011-04-12T00:00:00",
  "last_revision_date": "2011-06-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-07 du 15 avril 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 du CERTA CERTA-2011-AVI-342 du 15 juin    2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-342/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-16 du 14 juin 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 du CERTA CERTA-2011-AVI-250 du 22 avril    2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-250/index.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 du CERTA CERTA-2011-AVI-234 du 19 avril    2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-234/index.html"
    },
    {
      "title": "Notes de version Google Chrome :",
      "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-08 du 21 avril 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
    },
    {
      "title": "Bulletin d\u0027alerte Adobe APSA11-02 du 11 avril 2011 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
    }
  ],
  "reference": "CERTA-2011-ALE-003",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-12T00:00:00.000000"
    },
    {
      "description": "annonce des dates de publication des correctifs.",
      "revision_date": "2011-04-14T00:00:00.000000"
    },
    {
      "description": "ajout du correctif Google Chrome.",
      "revision_date": "2011-04-15T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Adobe APSB11-07, de Adobe AIR dans les produits vuln\u00e9rables et de la solution partielle.",
      "revision_date": "2011-04-19T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Adobe APSB11-08, et des corrections Adobe Reader et Acrobat dans la solution partielle.",
      "revision_date": "2011-04-22T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Adobe APSB11-16 proposant l\u0027ensemble des correctifs pour Adobe Reader et Acrobat.",
      "revision_date": "2011-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\naffecte des produits Adobe. Elle est actuellement activement exploit\u00e9e.\nL\u0027\u00e9diteur a publi\u00e9 les correctifs pour toutes les versions concern\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player, Adobe Reader et Acrobat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 Adobe APSA11-02 du 11 avril 2011",
      "url": null
    }
  ]
}

GHSA-XHQ8-8CQJ-Q337

Vulnerability from github – Published: 2022-05-14 02:15 – Updated: 2025-10-22 03:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0611"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-04-13T14:55:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.",
  "id": "GHSA-xhq8-8cqj-q337",
  "modified": "2025-10-22T03:30:29Z",
  "published": "2022-05-14T02:15:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0611"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
    },
    {
      "type": "WEB",
      "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
    },
    {
      "type": "WEB",
      "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44119"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44141"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44149"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/blog/210"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8204"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8292"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/17175"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/230057"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47314"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025324"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025325"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0922"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0923"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2011-0611

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-0611

Aliases

CVE-2011-0611

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0611",
    "description": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.",
    "id": "GSD-2011-0611",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-0611.html",
      "https://access.redhat.com/errata/RHSA-2011:0451",
      "https://packetstormsecurity.com/files/cve/CVE-2011-0611"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0611"
      ],
      "details": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.",
      "id": "GSD-2011-0611",
      "modified": "2023-12-13T01:19:04.825265Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2011-0611",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "product": "Flash Player",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Adobe Flash Player contains a vulnerability which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Flash Player Remote Code Execution Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2011-0611",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html",
            "refsource": "MISC",
            "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14175",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
          },
          {
            "name": "47314",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/47314"
          },
          {
            "name": "http://secunia.com/blog/210/",
            "refsource": "MISC",
            "url": "http://secunia.com/blog/210/"
          },
          {
            "name": "8204",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8204"
          },
          {
            "name": "ADV-2011-0922",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0922"
          },
          {
            "name": "RHSA-2011:0451",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
          },
          {
            "name": "SUSE-SA:2011:018",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb11-07.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
          },
          {
            "name": "8292",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8292"
          },
          {
            "name": "44149",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44149"
          },
          {
            "name": "44141",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44141"
          },
          {
            "name": "adobe-flash-swf-doc-ce(66681)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
          },
          {
            "name": "ADV-2011-0924",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0924"
          },
          {
            "name": "1025325",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025325"
          },
          {
            "name": "17175",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/17175"
          },
          {
            "name": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx",
            "refsource": "MISC",
            "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
          },
          {
            "name": "44119",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44119"
          },
          {
            "name": "VU#230057",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/230057"
          },
          {
            "name": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html",
            "refsource": "MISC",
            "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
          },
          {
            "name": "ADV-2011-0923",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0923"
          },
          {
            "name": "http://www.adobe.com/support/security/advisories/apsa11-02.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
          },
          {
            "name": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html",
            "refsource": "CONFIRM",
            "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb11-08.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
          },
          {
            "name": "1025324",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025324"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2022-03-24",
        "cisaExploitAdd": "2022-03-03",
        "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
        "cisaVulnerabilityName": "Adobe Flash Player Remote Code Execution Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FE4E1BEC-9158-405E-BCD1-0D354FFFC141",
                    "versionEndExcluding": "10.2.154.27",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "46059035-6EA4-4D6F-800C-CEB9D394B933",
                    "versionEndIncluding": "10.2.156.12",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E3A97142-27DF-46DD-9708-1CA202B7565C",
                    "versionEndExcluding": "9.4.4",
                    "versionStartIncluding": "9.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "43ADEFB3-9252-48C1-A6D5-BD2EE48A0E56",
                    "versionEndIncluding": "10.0.1",
                    "versionStartIncluding": "10.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1A80E525-2533-4598-8EB5-60A73D2F9253",
                    "versionEndExcluding": "2.6.19140",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E3A97142-27DF-46DD-9708-1CA202B7565C",
                    "versionEndExcluding": "9.4.4",
                    "versionStartIncluding": "9.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "595EBFC6-533E-4D91-B84D-D16A27E1BD0A",
                    "versionEndExcluding": "10.0.3",
                    "versionStartIncluding": "10.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EAC4A665-19CA-495D-A00F-6B42EA627E0F",
                    "versionEndExcluding": "9.4",
                    "versionStartIncluding": "9.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "705D34AF-DF94-4834-AE15-0E31E78AF60C",
                    "versionEndExcluding": "10.0.3",
                    "versionStartIncluding": "10.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2A4680B8-AC49-4E3C-8642-31BF8A60A327",
                    "versionEndExcluding": "10.0.648.205",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
                    "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
                    "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
          },
          {
            "lang": "es",
            "value": "Adobe Flash Player anterior a la versi\u00f3n 10.2.154.27 en Windows, Mac OS X, Linux y Solaris y 10.2.156.12 y versiones anteriores en Android; Adobe AIR anterior a versi\u00f3n 2.6.19140; y Authplay.dll (tambi\u00e9n se conoce como AuthPlayLib.bundle) en Adobe Reader versi\u00f3n  9.x anterior a 9.4.4 y versi\u00f3n  10.x hasta 10.0.1 en Windows, Adobe Reader versi\u00f3n  9.x anterior a 9.4.4 y versi\u00f3n 10.x anterior a 10.0.3 en Mac OS X y Adobe Acrobat versi\u00f3n 9.x anterior a 9.4.4 y versi\u00f3n  10.x anterior a 10.0.3 en Windows y Mac OS X permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio del contenido Flash creado; como lo demuestra un documento de Microsoft Office con un archivo.swf insertado que tiene una inconsistencia de tama\u00f1o en un \"group of included constants\", objeto de type confusion, ActionScript que agrega funciones personalizadas a los prototipos y date objects; y como explotados en la naturaleza en abril de 2011."
          }
        ],
        "id": "CVE-2011-0611",
        "lastModified": "2024-02-02T02:39:19.227",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2011-04-13T14:55:01.217",
        "references": [
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Not Applicable"
            ],
            "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Exploit"
            ],
            "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Exploit",
              "Issue Tracking"
            ],
            "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Release Notes"
            ],
            "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/44119"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/44141"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/44149"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/blog/210/"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://securityreason.com/securityalert/8204"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://securityreason.com/securityalert/8292"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.exploit-db.com/exploits/17175"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "http://www.kb.cert.org/vuls/id/230057"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/47314"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securitytracker.com/id?1025324"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securitytracker.com/id?1025325"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0922"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0923"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0924"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
          },
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Broken Link"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
          }
        ],
        "sourceIdentifier": "psirt@adobe.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-843"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CVE-2011-0611

Vulnerability from fstec - Published: 11.04.2011

Title

Description

Уязвимость библиотеки Authplay.dll (AuthPlayLib.bundle) программной платформы Flash Player, программ просмотра и редактирования PDF-файлов Adobe Reader и Adobe Acrobat связана с выходом операции за границы буфера в памяти при использовании несовместимых типов данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код или вызвать отказ в обслуживании с помощью специально созданного вредоносного SWF файла

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Novell Inc., Adobe Systems Inc., Google Inc

Software Name

openSUSE, Suse Linux Enterprise Desktop, Flash Player, Adobe Integrated Runtime, Adobe Reader, Adobe Acrobat, Google Chrome

Software Version

11.3 (openSUSE), 11.4 (openSUSE), 11.2 (openSUSE), 10 SP4 (Suse Linux Enterprise Desktop), 11 SP1 (Suse Linux Enterprise Desktop), до 10.2.154.27 (Flash Player), до 10.2.156.12 включительно (Flash Player), до 2.6.19140 (Adobe Integrated Runtime), от 9.0 до 9.4.4 (Adobe Reader), от 10.0 до 10.0.1 включительно (Adobe Reader), от 10.0 до 10.0.3 (Adobe Reader), от 9.0 до 9.4.4 (Adobe Acrobat), от 10.0 до 10.0.3 (Adobe Acrobat), до 10.0.648.205 (Google Chrome)

Possible Mitigations

Использование рекомендаций: Для программных продуктов Adobe: https://www.adobe.com/support/security/advisories/apsa11-02.html Для Google Chrome: https://chromereleases.googleblog.com/2011/04/stable-channel-update.html Для программных продуктов Novell Inc.: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html

Reference

http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html http://securityreason.com/securityalert/8204 http://securityreason.com/securityalert/8292 http://www.adobe.com/support/security/advisories/apsa11-02.html http://www.adobe.com/support/security/bulletins/apsb11-07.html http://www.adobe.com/support/security/bulletins/apsb11-08.html http://www.exploit-db.com/exploits/17175 http://www.kb.cert.org/vuls/id/230057 http://www.redhat.com/support/errata/RHSA-2011-0451.html http://www.securityfocus.com/bid/47314 http://www.securitytracker.com/id?1025324 http://www.securitytracker.com/id?1025325 http://www.vupen.com/english/advisories/2011/0922 http://www.vupen.com/english/advisories/2011/0923 http://www.vupen.com/english/advisories/2011/0924 https://exchange.xforce.ibmcloud.com/vulnerabilities/66681 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175 https://safe-surf.ru/specialists/base-vulnerabilities/465555/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog

CWE

CWE-119, CWE-843

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Adobe Systems Inc., Google Inc",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.3 (openSUSE), 11.4 (openSUSE), 11.2 (openSUSE), 10 SP4 (Suse Linux Enterprise Desktop), 11 SP1 (Suse Linux Enterprise Desktop), \u0434\u043e 10.2.154.27 (Flash Player), \u0434\u043e 10.2.156.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Flash Player), \u0434\u043e 2.6.19140 (Adobe Integrated Runtime), \u043e\u0442 9.0 \u0434\u043e 9.4.4 (Adobe Reader), \u043e\u0442 10.0 \u0434\u043e 10.0.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Adobe Reader), \u043e\u0442 10.0 \u0434\u043e 10.0.3 (Adobe Reader), \u043e\u0442 9.0 \u0434\u043e 9.4.4 (Adobe Acrobat), \u043e\u0442 10.0 \u0434\u043e 10.0.3 (Adobe Acrobat), \u0434\u043e 10.0.648.205 (Google Chrome)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Adobe:\nhttps://www.adobe.com/support/security/advisories/apsa11-02.html\n\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2011/04/stable-channel-update.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.04.2011",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.07.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.07.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-04094",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2011-0611",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE, Suse Linux Enterprise Desktop, Flash Player, Adobe Integrated Runtime, Adobe Reader, Adobe Acrobat, Google Chrome",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. openSUSE 11.3 , Novell Inc. openSUSE 11.4 , Novell Inc. openSUSE 11.2 , Novell Inc. Suse Linux Enterprise Desktop 10 SP4 , Novell Inc. Suse Linux Enterprise Desktop 11 SP1 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Authplay.dll (AuthPlayLib.bundle) \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Flash Player, \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0438 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PDF-\u0444\u0430\u0439\u043b\u043e\u0432 Adobe Reader \u0438 Adobe Acrobat, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u0414\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u044b\u0435 \u0442\u0438\u043f\u044b (CWE-843)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Authplay.dll (AuthPlayLib.bundle) \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Flash Player, \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0438 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PDF-\u0444\u0430\u0439\u043b\u043e\u0432 Adobe Reader \u0438 Adobe Acrobat \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043d\u0435\u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u044b\u0445 \u0442\u0438\u043f\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e SWF \u0444\u0430\u0439\u043b\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx \nhttp://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html \nhttp://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html \nhttp://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html \nhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html \nhttp://securityreason.com/securityalert/8204 \nhttp://securityreason.com/securityalert/8292 \nhttp://www.adobe.com/support/security/advisories/apsa11-02.html \nhttp://www.adobe.com/support/security/bulletins/apsb11-07.html \nhttp://www.adobe.com/support/security/bulletins/apsb11-08.html \nhttp://www.exploit-db.com/exploits/17175 \nhttp://www.kb.cert.org/vuls/id/230057 \nhttp://www.redhat.com/support/errata/RHSA-2011-0451.html \nhttp://www.securityfocus.com/bid/47314 \nhttp://www.securitytracker.com/id?1025324 \nhttp://www.securitytracker.com/id?1025325 \nhttp://www.vupen.com/english/advisories/2011/0922 \nhttp://www.vupen.com/english/advisories/2011/0923 \nhttp://www.vupen.com/english/advisories/2011/0924 \nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/66681 \nhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175\nhttps://safe-surf.ru/specialists/base-vulnerabilities/465555/\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-843",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0611 (GCVE-0-2011-0611)

Solution

Description

Solution

Description

Solution

Description

Contournement provisoire

Solution

Tags

Sightings

Nomenclature