← back
CVE-2011-0609

CVE-2011-0609

CVSS 7.8 HIGHEPSS 66.8%● KEV
In short

A flaw in Adobe Flash Player and Adobe Reader/Acrobat allows attackers to run malicious code or crash the application when you open a specially crafted file, such as a Flash movie hidden in a document or spreadsheet.

Technical detail

Unspecified vulnerability in Adobe Flash Player (≤10.2.154.13), Adobe AIR (≤2.5.1), and AuthPlay.dll in Adobe Reader/Acrobat (9.x–10.0.1) enables remote code execution or denial of service via crafted SWF content; attack vector is opening malicious documents or embedded Flash files; exploited in the wild via Excel spreadsheets in March 2011.

Summary generated and translated by AI from the official description.
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/17027unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.htmlhttp://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://secunia.com/advisories/43751http://secunia.com/advisories/43757http://secunia.com/advisories/43772http://secunia.com/advisories/43856http://securityreason.com/securityalert/8152https://exchange.xforce.ibmcloud.com/vulnerabilities/66078https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0609http://www.adobe.com/support/security/advisories/apsa11-01.html