CVE-2011-0609

HIGH

Description

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

References

http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html

http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://secunia.com/advisories/43751

http://secunia.com/advisories/43757

http://secunia.com/advisories/43772

http://secunia.com/advisories/43856

http://securityreason.com/securityalert/8152

http://www.adobe.com/support/security/advisories/apsa11-01.html

http://www.adobe.com/support/security/bulletins/apsb11-06.html

http://www.kb.cert.org/vuls/id/192052

http://www.redhat.com/support/errata/RHSA-2011-0372.html

http://www.securityfocus.com/bid/46860

http://www.securitytracker.com/id?1025210

http://www.securitytracker.com/id?1025211

http://www.securitytracker.com/id?1025238

http://www.vupen.com/english/advisories/2011/0655

http://www.vupen.com/english/advisories/2011/0656

http://www.vupen.com/english/advisories/2011/0688

http://www.vupen.com/english/advisories/2011/0732

https://exchange.xforce.ibmcloud.com/vulnerabilities/66078

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147

Details

Source: MITRE

Published: 2011-03-15

Updated: 2018-10-30

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH