PRIOn knowledge basePRION:CVE-2011-0611Type confusion
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a βgroup of included constants,β object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
| CPE | Name | Operator | Version |
|---|---|---|---|
| acrobat | ge | 9.0 | |
| acrobat | lt | 9.4 | |
| acrobat | ge | 10.0 | |
| acrobat | lt | 10.0.3 | |
| acrobat_reader | ge | 9.0 | |
| acrobat_reader | lt | 9.4.4 | |
| acrobat_reader | ge | 10.0 | |
| acrobat_reader | le | 10.0.1 | |
| acrobat_reader | ge | 9.0 | |
| acrobat_reader | lt | 9.4.4 |
References
blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx
lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html
secunia.com/advisories/44119
secunia.com/advisories/44141
secunia.com/advisories/44149
secunia.com/blog/210/
securityreason.com/securityalert/8204
securityreason.com/securityalert/8292
www.adobe.com/support/security/advisories/apsa11-02.html
www.adobe.com/support/security/bulletins/apsb11-07.html
www.adobe.com/support/security/bulletins/apsb11-08.html
www.kb.cert.org/vuls/id/230057
www.redhat.com/support/errata/RHSA-2011-0451.html
www.securityfocus.com/bid/47314
www.securitytracker.com/id?1025324
www.securitytracker.com/id?1025325
www.vupen.com/english/advisories/2011/0922
www.vupen.com/english/advisories/2011/0923
www.vupen.com/english/advisories/2011/0924
bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html
contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
exchange.xforce.ibmcloud.com/vulnerabilities/66681
googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175
www.exploit-db.com/exploits/17175
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%