Vulnerability Description
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | <= 10.2.154.13 |
| Apple | Mac Os X | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Oracle | Solaris | - |
| | Android | - |
| Adobe | Acrobat | >= 9.0, <= 9.4.2 |
| Adobe | Acrobat Reader | >= 9.0, <= 9.4.2 |
| Adobe | Air | <= 2.5.1 |
| Opensuse | Opensuse | 11.2 |
| Suse | Linux Enterprise | 10.0 |
| | Chrome | < 10.0.648.134 |
| Apple | Macos | - |
| | Chrome Os | - |
References
- http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html (Broken Link)
- http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html (Mailing List, Third Party Advisory)
- http://secunia.com/advisories/43751 (Broken Link)
- http://secunia.com/advisories/43757 (Broken Link)
- http://secunia.com/advisories/43772 (Broken Link)
- http://secunia.com/advisories/43856 (Broken Link)
- http://securityreason.com/securityalert/8152 (Broken Link)
- http://www.adobe.com/support/security/advisories/apsa11-01.html (Vendor Advisory)
- http://www.adobe.com/support/security/bulletins/apsb11-06.html (Not Applicable)
- http://www.kb.cert.org/vuls/id/192052 (Third Party Advisory, US Government Resource)
- http://www.redhat.com/support/errata/RHSA-2011-0372.html (Broken Link)
- http://www.securityfocus.com/bid/46860 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1025210 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1025211 (Broken Link, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2011-0609?
CVE-2011-0609 is a vulnerability with a CVSS score of 7.8 (HIGH). Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka...
How severe is CVE-2011-0609?
CVE-2011-0609 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-0609?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Linux Linux Kernel, Microsoft Windows, Oracle Solaris.