Vulnerability Description
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | < 10.2.154.27 |
| Apple | Mac Os X | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Oracle | Solaris | - |
| Android | - | |
| Adobe | Acrobat Reader | >= 9.0, < 9.4.4 |
| Adobe | Adobe Air | < 2.6.19140 |
| Adobe | Acrobat | >= 9.0, < 9.4 |
| Chrome | < 10.0.648.205 | |
| Chrome Os | - | |
| Opensuse | Opensuse | 11.2 |
| Suse | Linux Enterprise Desktop | 10 |
Related Weaknesses (CWE)
References
- http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611Not Applicable
- http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.htExploit
- http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.hExploitIssue Tracking
- http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.htmlRelease Notes
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.htmlMailing ListPatch
- http://secunia.com/advisories/44119Broken LinkVendor Advisory
- http://secunia.com/advisories/44141Broken LinkVendor Advisory
- http://secunia.com/advisories/44149Broken LinkVendor Advisory
- http://secunia.com/blog/210/Broken LinkVendor Advisory
- http://securityreason.com/securityalert/8204Third Party Advisory
- http://securityreason.com/securityalert/8292Third Party Advisory
- http://www.adobe.com/support/security/advisories/apsa11-02.htmlBroken LinkVendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb11-07.htmlBroken LinkVendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb11-08.htmlBroken LinkVendor Advisory
- http://www.exploit-db.com/exploits/17175ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2011-0611?
CVE-2011-0611 is a vulnerability with a CVSS score of 8.8 (HIGH). Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Re...
How severe is CVE-2011-0611?
CVE-2011-0611 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0611?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Linux Linux Kernel, Microsoft Windows, Oracle Solaris.