CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.5%
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a βgroup of included constants,β object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | flash_player | * | cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* |
apple | mac_os_x | - | cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* |
linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
oracle | solaris | - | cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:* |
android | - | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | |
adobe | acrobat_reader | * | cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* |
adobe | adobe_air | * | cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* |
adobe | acrobat | * | cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* |
chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx
bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html
contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html
secunia.com/advisories/44119
secunia.com/advisories/44141
secunia.com/advisories/44149
secunia.com/blog/210/
securityreason.com/securityalert/8204
securityreason.com/securityalert/8292
www.adobe.com/support/security/advisories/apsa11-02.html
www.adobe.com/support/security/bulletins/apsb11-07.html
www.adobe.com/support/security/bulletins/apsb11-08.html
www.exploit-db.com/exploits/17175
www.kb.cert.org/vuls/id/230057
www.redhat.com/support/errata/RHSA-2011-0451.html
www.securityfocus.com/bid/47314
www.securitytracker.com/id?1025324
www.securitytracker.com/id?1025325
www.vupen.com/english/advisories/2011/0922
www.vupen.com/english/advisories/2011/0923
www.vupen.com/english/advisories/2011/0924
exchange.xforce.ibmcloud.com/vulnerabilities/66681
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.5%