CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.8%
Added: 03/30/2011
CVE: CVE-2011-0609
BID: 46860
OSVDB: 71254
Adobe Reader is free software for viewing PDF documents.
Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player.
Update Adobe Flash Player to version 10.2.153.1 or later, Adobe AIR to version 2.6 or later, Adobe Reader X to version 10.0.2 or later, and Adobe Reader to version 9.4.3 or later.
<http://www.kb.cert.org/vuls/id/192052>
<http://www.adobe.com/support/security/advisories/apsa11-01.html>
<http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html>
This exploit works against Adobe Systems Adobe Reader 9.4.0 running on Microsoft Windows XP SP3 English (DEP AlwaysOff) or Microsoft Windows Vista SP2 English (DEP AlwaysOff).
Windows