CVE-2011-0611

CVE Database · CVE-2011-0611

CVE-2011-0611

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

99.41%

Published

Apr 13, 2011

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (3)

All weaponized →

Exploit-DBAdobe Reader X 10.0.0 < 10.0.1 - Atom Type Confusion Exploit-DBAdobe Flash Player 10.2.153.1 - SWF Memory Corruption (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-843CWE-843

Affected Products (28)

adobe · flash_player (up to 10.2.154.27)vulnerable

apple · mac_os_x

linux · linux_kernel

microsoft · windows

oracle · solaris

adobe · flash_playervulnerable

google · android