cvelistv5 - cve-2011-0611

CVE-2011-0611 (GCVE-0-2011-0611)

Vulnerability from cvelistv5

Published

2011-04-13 14:00

Modified

2025-10-22 00:05

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Summary

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

References

URL

Tags

	http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175	vdb-entry, signature, x_refsource_OVAL
	http://www.securityfocus.com/bid/47314	vdb-entry, x_refsource_BID
	http://secunia.com/blog/210/	x_refsource_MISC
	http://securityreason.com/securityalert/8204	third-party-advisory, x_refsource_SREASON
	http://www.vupen.com/english/advisories/2011/0922	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2011-0451.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://www.adobe.com/support/security/bulletins/apsb11-07.html	x_refsource_CONFIRM
	http://securityreason.com/securityalert/8292	third-party-advisory, x_refsource_SREASON
	http://secunia.com/advisories/44149	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/44141	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/66681	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2011/0924	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1025325	vdb-entry, x_refsource_SECTRACK
	http://www.exploit-db.com/exploits/17175	exploit, x_refsource_EXPLOIT-DB
	http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx	x_refsource_MISC
	http://secunia.com/advisories/44119	third-party-advisory, x_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/230057	third-party-advisory, x_refsource_CERT-VN
	http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2011/0923	vdb-entry, x_refsource_VUPEN
	http://www.adobe.com/support/security/advisories/apsa11-02.html	x_refsource_CONFIRM
	http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html	x_refsource_CONFIRM
	http://www.adobe.com/support/security/bulletins/apsb11-08.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1025324	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-03-03

Due date: 2022-03-24

Required action: The impacted product is end-of-life and should be disconnected if still in use.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2011-0611

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flash_player",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.2.154.27",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "air",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "2.6.19140",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "reader",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "9.4.4",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:reader:10.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "reader",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.0.3",
                "status": "affected",
                "version": "10.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "acrobat",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.0.3",
                "status": "affected",
                "version": "10.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "acrobat",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "9.4.4",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2011-0611",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-02T14:05:34.031031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:49.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00.000Z",
            "value": "CVE-2011-0611 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:26.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14175",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
          },
          {
            "name": "47314",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47314"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/blog/210/"
          },
          {
            "name": "8204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8204"
          },
          {
            "name": "ADV-2011-0922",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0922"
          },
          {
            "name": "RHSA-2011:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
          },
          {
            "name": "SUSE-SA:2011:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
          },
          {
            "name": "8292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8292"
          },
          {
            "name": "44149",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44149"
          },
          {
            "name": "44141",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44141"
          },
          {
            "name": "adobe-flash-swf-doc-ce(66681)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
          },
          {
            "name": "ADV-2011-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0924"
          },
          {
            "name": "1025325",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025325"
          },
          {
            "name": "17175",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17175"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
          },
          {
            "name": "44119",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44119"
          },
          {
            "name": "VU#230057",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/230057"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
          },
          {
            "name": "ADV-2011-0923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0923"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
          },
          {
            "name": "1025324",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025324"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14175",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
        },
        {
          "name": "47314",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47314"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/blog/210/"
        },
        {
          "name": "8204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8204"
        },
        {
          "name": "ADV-2011-0922",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0922"
        },
        {
          "name": "RHSA-2011:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
        },
        {
          "name": "SUSE-SA:2011:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
        },
        {
          "name": "8292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8292"
        },
        {
          "name": "44149",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44149"
        },
        {
          "name": "44141",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44141"
        },
        {
          "name": "adobe-flash-swf-doc-ce(66681)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
        },
        {
          "name": "ADV-2011-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0924"
        },
        {
          "name": "1025325",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025325"
        },
        {
          "name": "17175",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17175"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
        },
        {
          "name": "44119",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44119"
        },
        {
          "name": "VU#230057",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/230057"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
        },
        {
          "name": "ADV-2011-0923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0923"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
        },
        {
          "name": "1025324",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025324"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2011-0611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html",
              "refsource": "MISC",
              "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14175",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
            },
            {
              "name": "47314",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47314"
            },
            {
              "name": "http://secunia.com/blog/210/",
              "refsource": "MISC",
              "url": "http://secunia.com/blog/210/"
            },
            {
              "name": "8204",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8204"
            },
            {
              "name": "ADV-2011-0922",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0922"
            },
            {
              "name": "RHSA-2011:0451",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
            },
            {
              "name": "SUSE-SA:2011:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-07.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
            },
            {
              "name": "8292",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8292"
            },
            {
              "name": "44149",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44149"
            },
            {
              "name": "44141",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44141"
            },
            {
              "name": "adobe-flash-swf-doc-ce(66681)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
            },
            {
              "name": "ADV-2011-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0924"
            },
            {
              "name": "1025325",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025325"
            },
            {
              "name": "17175",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17175"
            },
            {
              "name": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
            },
            {
              "name": "44119",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44119"
            },
            {
              "name": "VU#230057",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/230057"
            },
            {
              "name": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html",
              "refsource": "MISC",
              "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
            },
            {
              "name": "ADV-2011-0923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0923"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa11-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-08.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
            },
            {
              "name": "1025324",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025324"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2011-0611",
    "datePublished": "2011-04-13T14:00:00.000Z",
    "dateReserved": "2011-01-20T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:49.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2011-0611",
      "cwes": "[\"CWE-843\"]",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-0611",
      "product": "Flash Player",
      "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "shortDescription": "Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Flash Player Remote Code Execution Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175\", \"name\": \"oval:org.mitre.oval:def:14175\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/47314\", \"name\": \"47314\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/blog/210/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://securityreason.com/securityalert/8204\", \"name\": \"8204\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0922\", \"name\": \"ADV-2011-0922\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0451.html\", \"name\": \"RHSA-2011:0451\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html\", \"name\": \"SUSE-SA:2011:018\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-07.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://securityreason.com/securityalert/8292\", \"name\": \"8292\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/44149\", \"name\": \"44149\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/44141\", \"name\": \"44141\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66681\", \"name\": \"adobe-flash-swf-doc-ce(66681)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0924\", \"name\": \"ADV-2011-0924\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1025325\", \"name\": \"1025325\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.exploit-db.com/exploits/17175\", \"name\": \"17175\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/44119\", \"name\": \"44119\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/230057\", \"name\": \"VU#230057\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0923\", \"name\": \"ADV-2011-0923\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa11-02.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-08.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1025324\", \"name\": \"1025324\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T21:58:26.000Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2011-0611\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-02T14:05:34.031031Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"flash_player\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.2.154.27\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"air\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.6.19140\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"reader\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:reader:10.0:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"reader\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.0.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"acrobat\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.0.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"acrobat\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.4.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-03T00:00:00.000Z\", \"value\": \"CVE-2011-0611 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-19T17:13:08.969Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2011-04-11T00:00:00.000Z\", \"references\": [{\"url\": \"http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175\", \"name\": \"oval:org.mitre.oval:def:14175\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.securityfocus.com/bid/47314\", \"name\": \"47314\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://secunia.com/blog/210/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://securityreason.com/securityalert/8204\", \"name\": \"8204\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0922\", \"name\": \"ADV-2011-0922\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0451.html\", \"name\": \"RHSA-2011:0451\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html\", \"name\": \"SUSE-SA:2011:018\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-07.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://securityreason.com/securityalert/8292\", \"name\": \"8292\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\"]}, {\"url\": \"http://secunia.com/advisories/44149\", \"name\": \"44149\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://secunia.com/advisories/44141\", \"name\": \"44141\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66681\", \"name\": \"adobe-flash-swf-doc-ce(66681)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0924\", \"name\": \"ADV-2011-0924\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://www.securitytracker.com/id?1025325\", \"name\": \"1025325\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.exploit-db.com/exploits/17175\", \"name\": \"17175\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://secunia.com/advisories/44119\", \"name\": \"44119\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/230057\", \"name\": \"VU#230057\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0923\", \"name\": \"ADV-2011-0923\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa11-02.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-08.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id?1025324\", \"name\": \"1025324\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \\\"group of included constants,\\\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2017-09-18T12:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html\", \"name\": \"http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175\", \"name\": \"oval:org.mitre.oval:def:14175\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.securityfocus.com/bid/47314\", \"name\": \"47314\", \"refsource\": \"BID\"}, {\"url\": \"http://secunia.com/blog/210/\", \"name\": \"http://secunia.com/blog/210/\", \"refsource\": \"MISC\"}, {\"url\": \"http://securityreason.com/securityalert/8204\", \"name\": \"8204\", \"refsource\": \"SREASON\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0922\", \"name\": \"ADV-2011-0922\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0451.html\", \"name\": \"RHSA-2011:0451\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html\", \"name\": \"SUSE-SA:2011:018\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-07.html\", \"name\": \"http://www.adobe.com/support/security/bulletins/apsb11-07.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://securityreason.com/securityalert/8292\", \"name\": \"8292\", \"refsource\": \"SREASON\"}, {\"url\": \"http://secunia.com/advisories/44149\", \"name\": \"44149\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://secunia.com/advisories/44141\", \"name\": \"44141\", \"refsource\": \"SECUNIA\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66681\", \"name\": \"adobe-flash-swf-doc-ce(66681)\", \"refsource\": \"XF\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0924\", \"name\": \"ADV-2011-0924\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://www.securitytracker.com/id?1025325\", \"name\": \"1025325\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.exploit-db.com/exploits/17175\", \"name\": \"17175\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx\", \"name\": \"http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx\", \"refsource\": \"MISC\"}, {\"url\": \"http://secunia.com/advisories/44119\", \"name\": \"44119\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/230057\", \"name\": \"VU#230057\", \"refsource\": \"CERT-VN\"}, {\"url\": \"http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html\", \"name\": \"http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0923\", \"name\": \"ADV-2011-0923\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa11-02.html\", \"name\": \"http://www.adobe.com/support/security/advisories/apsa11-02.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\", \"name\": \"http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-08.html\", \"name\": \"http://www.adobe.com/support/security/bulletins/apsb11-08.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id?1025324\", \"name\": \"1025324\", \"refsource\": \"SECTRACK\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \\\"group of included constants,\\\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2011-0611\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@adobe.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2011-0611\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:49.821Z\", \"dateReserved\": \"2011-01-20T00:00:00.000Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2011-04-13T14:00:00.000Z\", \"assignerShortName\": \"adobe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTA-2011-AVI-250

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans Reader et Acrobat permettant à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Des produits Adobe sont vulnérables à une faille permettant à une personne malintentionnée d'exécuter du code arbitraire à distance. La version 10.0.2 pour Windows n'a pas de correctif à ce jour. Cependant l'éditeur affirme que le mode protégé d'Adobe Reader X évite l'exploitation de la faille CVE-2011-0611.

Cette vulnérabilité fait l'objet de l'alerte CERTA-2011-ALE-003 (cf. Documentation).

Solution

Les versions suivantes corrigent le problème :

Adobe Reader 9.4.4 pour les systèmes Windows et Macintosh ;
Adobe Reader X (10.0.3) pour les systèmes Macintosh.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	Acrobat	Adobe Reader et Acrobat versions 10.0.2 et antérieures pour les systèmes Macintosh.
	Adobe	Acrobat	Adobe Reader et Acrobat versions 9.4.3 et antérieures pour les systèmes Windows et Macintosh ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB11-08 du 21 avril 2011	None	vendor-advisory
Document du CERTA CERTA-2011-ALE-003 du 19 avril 2011 :	-	other
Bulletin de sécurité Adobe apsb11-08 du 21 avril 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Reader et Acrobat versions 10.0.2 et ant\u00e9rieures pour les syst\u00e8mes Macintosh.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Reader et Acrobat versions 9.4.3 et ant\u00e9rieures pour les syst\u00e8mes Windows et Macintosh ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes produits Adobe sont vuln\u00e9rables \u00e0 une faille permettant \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance. La\nversion 10.0.2 pour Windows n\u0027a pas de correctif \u00e0 ce jour. Cependant\nl\u0027\u00e9diteur affirme que le mode prot\u00e9g\u00e9 d\u0027Adobe Reader X \u00e9vite\nl\u0027exploitation de la faille CVE-2011-0611.\n\nCette vuln\u00e9rabilit\u00e9 fait l\u0027objet de l\u0027alerte CERTA-2011-ALE-003 (cf.\nDocumentation).\n\n## Solution\n\nLes versions suivantes corrigent le probl\u00e8me :\n\n-   Adobe Reader 9.4.4 pour les syst\u00e8mes Windows et Macintosh\u00a0;\n-   Adobe Reader X (10.0.3) pour les syst\u00e8mes Macintosh.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0610"
    },
    {
      "name": "CVE-2011-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0611"
    }
  ],
  "initial_release_date": "2011-04-22T00:00:00",
  "last_revision_date": "2011-04-22T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2011-ALE-003 du 19 avril 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-ALE-003/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb11-08 du 21 avril 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
    }
  ],
  "reference": "CERTA-2011-AVI-250",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Reader et Acrobat permettant \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Reader et Acrobat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-08 du 21 avril 2011",
      "url": null
    }
  ]
}

CERTA-2012-AVI-241

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans HP SIM (Systems Insight Manager). Trois systèmes d'exploitation sont concernés, HP-UX, Linux et Windows. Les vulnérabilités sont de différentes natures, exécution de code arbitraire à distance, accès non autorisés, injection de requêtes illégitimes par rebond (CSRF), redirection d'URL, contournement d'authentification et déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP-UX.B.11.23 ;
	N/A	N/A	HP-UX.B.11.31.

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03298151 du 30 avril 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP-UX.B.11.23 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX.B.11.31.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2134"
    },
    {
      "name": "CVE-2010-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
    },
    {
      "name": "CVE-2011-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2135"
    },
    {
      "name": "CVE-2011-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3558"
    },
    {
      "name": "CVE-2012-1994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1994"
    },
    {
      "name": "CVE-2010-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4470"
    },
    {
      "name": "CVE-2011-3556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3556"
    },
    {
      "name": "CVE-2012-1999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1999"
    },
    {
      "name": "CVE-2012-1995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1995"
    },
    {
      "name": "CVE-2011-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2414"
    },
    {
      "name": "CVE-2011-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0864"
    },
    {
      "name": "CVE-2011-0868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0868"
    },
    {
      "name": "CVE-2011-2456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2456"
    },
    {
      "name": "CVE-2011-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2450"
    },
    {
      "name": "CVE-2011-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0611"
    },
    {
      "name": "CVE-2011-2429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2429"
    },
    {
      "name": "CVE-2011-2430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2430"
    },
    {
      "name": "CVE-2011-2415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2415"
    },
    {
      "name": "CVE-2011-2426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2426"
    },
    {
      "name": "CVE-2011-0866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0866"
    },
    {
      "name": "CVE-2011-2137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2137"
    },
    {
      "name": "CVE-2011-2458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2458"
    },
    {
      "name": "CVE-2011-2140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2140"
    },
    {
      "name": "CVE-2011-2425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2425"
    },
    {
      "name": "CVE-2011-2457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2457"
    },
    {
      "name": "CVE-2011-0871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0871"
    },
    {
      "name": "CVE-2011-2461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2461"
    },
    {
      "name": "CVE-2011-0786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0786"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2011-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0802"
    },
    {
      "name": "CVE-2011-2459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2459"
    },
    {
      "name": "CVE-2010-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
    },
    {
      "name": "CVE-2011-2092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2092"
    },
    {
      "name": "CVE-2012-1996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1996"
    },
    {
      "name": "CVE-2011-2427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2427"
    },
    {
      "name": "CVE-2011-2428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2428"
    },
    {
      "name": "CVE-2011-0862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0862"
    },
    {
      "name": "CVE-2011-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2139"
    },
    {
      "name": "CVE-2011-2138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2138"
    },
    {
      "name": "CVE-2011-2451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2451"
    },
    {
      "name": "CVE-2011-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2136"
    },
    {
      "name": "CVE-2011-0865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0865"
    },
    {
      "name": "CVE-2011-2460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2460"
    },
    {
      "name": "CVE-2011-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2416"
    },
    {
      "name": "CVE-2011-0815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0815"
    },
    {
      "name": "CVE-2011-0817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0817"
    },
    {
      "name": "CVE-2011-0863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0863"
    },
    {
      "name": "CVE-2011-0873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0873"
    },
    {
      "name": "CVE-2011-0814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0814"
    },
    {
      "name": "CVE-2011-0788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0788"
    },
    {
      "name": "CVE-2011-0869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0869"
    },
    {
      "name": "CVE-2011-2130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2130"
    },
    {
      "name": "CVE-2012-1997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1997"
    },
    {
      "name": "CVE-2011-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3557"
    },
    {
      "name": "CVE-2011-2453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2453"
    },
    {
      "name": "CVE-2011-0867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0867"
    },
    {
      "name": "CVE-2011-2093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2093"
    },
    {
      "name": "CVE-2011-2452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2452"
    },
    {
      "name": "CVE-2011-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2454"
    },
    {
      "name": "CVE-2011-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2455"
    },
    {
      "name": "CVE-2011-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2417"
    },
    {
      "name": "CVE-2011-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2445"
    },
    {
      "name": "CVE-2011-0872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0872"
    },
    {
      "name": "CVE-2012-1998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1998"
    },
    {
      "name": "CVE-2011-2444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2444"
    }
  ],
  "initial_release_date": "2012-05-02T00:00:00",
  "last_revision_date": "2012-05-02T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-241",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP SIM (Systems Insight Manager)\u003c/span\u003e. Trois syst\u00e8mes\nd\u0027exploitation sont concern\u00e9s, HP-UX, Linux et Windows. Les\nvuln\u00e9rabilit\u00e9s sont de diff\u00e9rentes natures, ex\u00e9cution de code arbitraire\n\u00e0 distance, acc\u00e8s non autoris\u00e9s, injection de requ\u00eates ill\u00e9gitimes par\nrebond (CSRF), redirection d\u0027URL, contournement d\u0027authentification et\nd\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP SIM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03298151 du 30 avril 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151"
    }
  ]
}

CERTA-2011-AVI-234

Vulnerability from certfr_avis

Une vulnérabilité permettant l'exécution de code arbitraire à distance affecte des produits Adobe.

Description

Des produits Adobe sont vulnérables à une faille permettant à une personne malintentionnée d'exécuter du code arbitraire à distance.

L'éditeur rapporte que cette vulnérabilité est actuellement exploitée sur l'Internet, en particulier via des documents Microsoft Word spécialement conçus. Elle a d'ailleurs fait l'objet de l'alerte CERTA-2011-ALE-003 (cf. Documentation).

Solution

les versions suivantes corrigent le problème :

Adobe Flash Player version 10.2.159.1 ;
Adobe Flash Player dans Google Chrome version 10.2.154.27 soit Google Chrome 10.0.648.205 ;
Adobe AIR 2.6.19140.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player 10.1.156.12 et antérieures sur les systèmes Android ;
Adobe	N/A	Adobe Flash Player 10.2.154.25 et antérieures pour les utilisateurs de Chrome ;
Adobe	Acrobat	le composant authplay.dll contenu dans les versions 10.0.2 et antérieures de Adobe Acrobat et Reader pour les systèmes Windows et Macintosh.
Adobe	N/A	Adobe versions AIR 2.6.19120 et antérieures ;
Adobe	N/A	Adobe Flash Player 10.2.153.1 et antérieures sur les systèmes Microsoft Windows, Linux et Oracle Solaris ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB11-07 du 15 avril 2011	None	vendor-advisory
Bulletin de sécurité Adobe apsb11-07 du 15 avril 2011 :	-	other
Document du CERTA CERTA-2011-ALE-003 du 19 avril 2011 :	-	other
Notes de version Google Chrome :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.1.156.12 et ant\u00e9rieures sur les syst\u00e8mes Android ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.154.25 et ant\u00e9rieures pour les utilisateurs de Chrome ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "le composant authplay.dll contenu dans les versions 10.0.2 et ant\u00e9rieures de Adobe Acrobat et Reader pour les syst\u00e8mes Windows et Macintosh.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe versions AIR 2.6.19120 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.153.1 et ant\u00e9rieures sur les syst\u00e8mes Microsoft Windows, Linux et Oracle Solaris ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes produits Adobe sont vuln\u00e9rables \u00e0 une faille permettant \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur rapporte que cette vuln\u00e9rabilit\u00e9 est actuellement exploit\u00e9e\nsur l\u0027Internet, en particulier via des documents Microsoft Word\nsp\u00e9cialement con\u00e7us. Elle a d\u0027ailleurs fait l\u0027objet de l\u0027alerte\nCERTA-2011-ALE-003 (cf. Documentation).\n\n## Solution\n\nles versions suivantes corrigent le probl\u00e8me :\n\n-   Adobe Flash Player version 10.2.159.1 ;\n-   Adobe Flash Player dans Google Chrome version 10.2.154.27 soit\n    Google Chrome 10.0.648.205 ;\n-   Adobe AIR 2.6.19140.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0611"
    }
  ],
  "initial_release_date": "2011-04-19T00:00:00",
  "last_revision_date": "2011-04-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb11-07 du 15 avril 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
    },
    {
      "title": "Document du CERTA CERTA-2011-ALE-003 du 19 avril 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-ALE-003/index.html"
    },
    {
      "title": "Notes de version Google Chrome :",
      "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
    }
  ],
  "reference": "CERTA-2011-AVI-234",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\naffecte des produits Adobe.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-07 du 15 avril 2011",
      "url": null
    }
  ]
}

CERTA-2011-ALE-003

Vulnerability from certfr_alerte

Une vulnérabilité permettant l'exécution de code arbitraire à distance affecte des produits Adobe. Elle est actuellement activement exploitée. L'éditeur a publié les correctifs pour toutes les versions concernées.

Description

Des produits Adobe sont vulnérables à une faille permettant à une personne malintentionnée d'exécuter du code arbitraire à distance.

L'éditeur rapporte que cette vulnérabilité est actuellement exploitée sur l'Internet, en particulier via des documents Microsoft Word spécialement conçus.

Mise à jour du 14 avril 2011 : l'éditeur annonce les dates de mise à disposition de correctifs suivantes :

15 avril 2011 pour Adobe Flash Player 10.2.x (tous les systèmes d'exploitation) ;
semaine du 25 avril 2011 pour Adobe Reader 9.x, pour Windows et MacOS ;
semaine du 25 avril pour Adobe Reader X (10.0.1) pour MacOS ;
14 juin 2011 pour Adobe Reader X (10.0.2) pour Windows.

Contournement provisoire

Il est possible de supprimer ou interdire l'accès à la DLL authplay.dll. Le Protected Mode inclus dans Adobe Reader X réduit les risques d'exploitation de la vulnérabilité.

Il est également recommandé d'utiliser un logiciel alternatif et à jour en attendant la publication du correctif.

Solution

Se référer aux bulletins de sécurité APSB11-07 et APSB11-16 (APSB11-16 inclut les corrections pour les vulnérabilités décrites dans les bulletins APSB11-06 et APSB11-08) de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat	le composant authplay.dll contenu dans les versions 10.0.2 et antérieures de Adobe Acrobat et Reader pour les systèmes Windows et Macintosh.
Adobe	Acrobat	Adobe Flash Player 10.2.154.25 et antérieures pour les utilisateurs de Chrome ;
Adobe	Acrobat	Adobe Flash Player 10.2.153.1 et antérieures sur les systèmes Microsoft Windows, Linux et Oracle Solaris ;
Adobe	Acrobat	Adobe AIR versions 2.6.19120 et antérieures ;
Adobe	Acrobat	Adobe Flash Player 10.1.156.12 et antérieures sur les systèmes Android ;

References

Title

Publication Time

Tags

Alerte de sécurité Adobe APSA11-02 du 11 avril 2011	None	vendor-advisory
Bulletin de sécurité Adobe APSB11-07 du 15 avril 2011 :	-	other
Avis de sécurité du CERTA CERTA-2011-AVI-342 du 15 juin 2011 :	-	other
Bulletin de sécurité Adobe APSB11-16 du 14 juin 2011 :	-	other
Avis de sécurité du CERTA CERTA-2011-AVI-250 du 22 avril 2011 :	-	other
Avis de sécurité du CERTA CERTA-2011-AVI-234 du 19 avril 2011 :	-	other
Notes de version Google Chrome :	-	other
Bulletin de sécurité Adobe APSB11-08 du 21 avril 2011 :	-	other
Bulletin d'alerte Adobe APSA11-02 du 11 avril 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "le composant authplay.dll contenu dans les versions 10.0.2 et ant\u00e9rieures de Adobe Acrobat et Reader pour les syst\u00e8mes Windows et Macintosh.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.154.25 et ant\u00e9rieures pour les utilisateurs de Chrome ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.2.153.1 et ant\u00e9rieures sur les syst\u00e8mes Microsoft Windows, Linux et Oracle Solaris ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe AIR versions 2.6.19120 et ant\u00e9rieures ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 10.1.156.12 et ant\u00e9rieures sur les syst\u00e8mes Android ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2011-06-20",
  "content": "## Description\n\nDes produits Adobe sont vuln\u00e9rables \u00e0 une faille permettant \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur rapporte que cette vuln\u00e9rabilit\u00e9 est actuellement exploit\u00e9e\nsur l\u0027Internet, en particulier via des documents Microsoft Word\nsp\u00e9cialement con\u00e7us.\n\n  \n  \n\n\u003cspan class=\"textbf\"\u003eMise \u00e0 jour du 14 avril 2011\u003c/span\u003e\u00a0: l\u0027\u00e9diteur\nannonce les dates de mise \u00e0 disposition de correctifs suivantes\u00a0:\n\n-   15 avril 2011 pour Adobe Flash Player 10.2.x (tous les syst\u00e8mes\n    d\u0027exploitation)\u00a0;\n-   semaine du 25 avril 2011 pour Adobe Reader 9.x, pour Windows et\n    MacOS\u00a0;\n-   semaine du 25 avril pour Adobe Reader X (10.0.1) pour MacOS\u00a0;\n-   14 juin 2011 pour Adobe Reader X (10.0.2) pour Windows.\n\n## Contournement provisoire\n\nIl est possible de supprimer ou interdire l\u0027acc\u00e8s \u00e0 la DLL authplay.dll.\nLe Protected Mode inclus dans Adobe Reader X r\u00e9duit les risques\nd\u0027exploitation de la vuln\u00e9rabilit\u00e9.\n\nIl est \u00e9galement recommand\u00e9 d\u0027utiliser un logiciel alternatif et \u00e0 jour\nen attendant la publication du correctif.  \n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 APSB11-07 et APSB11-16 (APSB11-16\ninclut les corrections pour les vuln\u00e9rabilit\u00e9s d\u00e9crites dans les\nbulletins APSB11-06 et APSB11-08) de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2097"
    },
    {
      "name": "CVE-2011-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0610"
    },
    {
      "name": "CVE-2011-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0611"
    },
    {
      "name": "CVE-2011-2096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2096"
    },
    {
      "name": "CVE-2011-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2105"
    },
    {
      "name": "CVE-2011-2102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2102"
    },
    {
      "name": "CVE-2011-2100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2100"
    },
    {
      "name": "CVE-2011-2104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2104"
    },
    {
      "name": "CVE-2011-2103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2103"
    },
    {
      "name": "CVE-2011-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2106"
    },
    {
      "name": "CVE-2011-2101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2101"
    },
    {
      "name": "CVE-2011-2098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2098"
    },
    {
      "name": "CVE-2011-2099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2099"
    },
    {
      "name": "CVE-2011-2094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2094"
    },
    {
      "name": "CVE-2011-2095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2095"
    }
  ],
  "initial_release_date": "2011-04-12T00:00:00",
  "last_revision_date": "2011-06-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-07 du 15 avril 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 du CERTA CERTA-2011-AVI-342 du 15 juin    2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-342/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-16 du 14 juin 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 du CERTA CERTA-2011-AVI-250 du 22 avril    2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-250/index.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 du CERTA CERTA-2011-AVI-234 du 19 avril    2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-234/index.html"
    },
    {
      "title": "Notes de version Google Chrome :",
      "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-08 du 21 avril 2011 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
    },
    {
      "title": "Bulletin d\u0027alerte Adobe APSA11-02 du 11 avril 2011 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
    }
  ],
  "reference": "CERTA-2011-ALE-003",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-12T00:00:00.000000"
    },
    {
      "description": "annonce des dates de publication des correctifs.",
      "revision_date": "2011-04-14T00:00:00.000000"
    },
    {
      "description": "ajout du correctif Google Chrome.",
      "revision_date": "2011-04-15T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Adobe APSB11-07, de Adobe AIR dans les produits vuln\u00e9rables et de la solution partielle.",
      "revision_date": "2011-04-19T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Adobe APSB11-08, et des corrections Adobe Reader et Acrobat dans la solution partielle.",
      "revision_date": "2011-04-22T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Adobe APSB11-16 proposant l\u0027ensemble des correctifs pour Adobe Reader et Acrobat.",
      "revision_date": "2011-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\naffecte des produits Adobe. Elle est actuellement activement exploit\u00e9e.\nL\u0027\u00e9diteur a publi\u00e9 les correctifs pour toutes les versions concern\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player, Adobe Reader et Acrobat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 Adobe APSA11-02 du 11 avril 2011",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-0611 (GCVE-0-2011-0611)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTA-2011-AVI-250

Vulnerability from certfr_avis

Description

Solution

CERTA-2012-AVI-241

Vulnerability from certfr_avis

Solution

CERTA-2011-AVI-234

Vulnerability from certfr_avis

Description

Solution

CERTA-2011-ALE-003

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

Tags

Sightings

Nomenclature