Home > Vulnerability Database > CVE-2011-0611

Mend.io Vulnerability Database

CVE-2011-0611

Date: April 13, 2011

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

Severity Score

8.8

Related Resources (28)

Url: http://securityreason.com/securityalert/8292

Url: http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html

Url: http://www.kb.cert.org/vuls/id/230057

Url: http://www.securityfocus.com/bid/47314

Url: http://secunia.com/blog/210/

Url: http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html

Url: http://secunia.com/advisories/44119

Url: http://www.securitytracker.com/id?1025324

Url: http://www.securitytracker.com/id?1025325

Url: http://www.redhat.com/support/errata/RHSA-2011-0451.html

Url: http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0611

Url: http://www.adobe.com/support/security/advisories/apsa11-02.html

Url: http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx

Url: http://www.exploit-db.com/exploits/17175

Url: http://www.adobe.com/support/security/bulletins/apsb11-08.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175

Url: http://secunia.com/advisories/44141

Url: http://www.vupen.com/english/advisories/2011/0924

Url: http://www.vupen.com/english/advisories/2011/0923

Url: http://www.vupen.com/english/advisories/2011/0922

Url: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/66681

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-0611

Url: http://securityreason.com/securityalert/8204

Url: http://secunia.com/advisories/44149

Url: http://www.adobe.com/support/security/bulletins/apsb11-07.html

Url: https://www.mend.io/vulnerability-database/CVE-2011-0611

Severity Score

8.8

Weakness Type (CWE)

Buffer Errors

CWE-119

Access of Resource Using Incompatible Type ('Type Confusion')

CWE-843

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-0611

Date: April 13, 2011

Severity Score

Related Resources (28)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?