CVE-2011-0609

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

CVSS v3 7.8 HIGH
CVSS v2.0 9.3 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html	Broken Link
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html	Mailing List Third Party Advisory
http://secunia.com/advisories/43751	Broken Link
http://secunia.com/advisories/43757	Broken Link
http://secunia.com/advisories/43772	Broken Link
http://secunia.com/advisories/43856	Broken Link
http://securityreason.com/securityalert/8152	Broken Link
http://www.adobe.com/support/security/advisories/apsa11-01.html	Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb11-06.html	Not Applicable
http://www.kb.cert.org/vuls/id/192052	Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2011-0372.html	Broken Link
http://www.securityfocus.com/bid/46860	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025210	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025211	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025238	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0655	Broken Link
http://www.vupen.com/english/advisories/2011/0656	Broken Link
http://www.vupen.com/english/advisories/2011/0688	Broken Link
http://www.vupen.com/english/advisories/2011/0732	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/66078	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:oracle:solaris:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat:10.0:::::::*
	cpe:2.3:a:adobe:acrobat:10.0.1:::::::*
	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader:10.0:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.0.1:::::::*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 4 (hide)

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:suse:linux_enterprise:10.0:sp3::::::
	cpe:2.3:o:suse:linux_enterprise:11.0:sp1::::::

Configuration 6 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:google:chrome_os:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

28 Jun 2024, 14:20

Information

Published : 2011-03-15 17:55

Updated : 2024-06-28 14:20

NVD link : CVE-2011-0609

Mitre link : CVE-2011-0609

CVE.ORG link : CVE-2011-0609

JSON object : View

Products Affected

apple

macos
mac_os_x

microsoft

windows

adobe

acrobat_reader
acrobat
flash_player
air

suse

linux_enterprise

opensuse

opensuse

google

chrome_os
chrome
android

linux

linux_kernel

oracle

solaris

CWE

NVD-CWE-noinfo

Type	Values Removed	Values Added
First Time		Apple macos Google chrome Os Opensuse opensuse Adobe air Google chrome Suse Suse linux Enterprise Opensuse
CPE	cpe:2.3:a:adobe:acrobat:9.4:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.4:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3:::::::* cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::* cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::* cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.28:::::::* cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::* cpe:2.3:a:adobe:acrobat:9.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.0:::::::* cpe:2.3:a:adobe:flash_player:6.0.21.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.63:::::::* cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.20:::::::* cpe:2.3:a:adobe:flash_player:9.125.0:::::::* cpe:2.3:a:adobe:acrobat:9.1.1:::::::* cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::* cpe:2.3:a:adobe:flash_player:10.1.95.2:::::::* cpe:2.3:a:adobe:flash_player:7.0.1:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::* cpe:2.3:a:adobe:flash_player:10.1.82.76:::::::* cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::* cpe:2.3:a:adobe:acrobat:9.3.1:::::::* cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::* cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::* cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::* cpe:2.3:a:adobe:acrobat:9.0:::::::* cpe:2.3:a:adobe:acrobat:9.1.2:::::::* cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::* cpe:2.3:a:adobe:acrobat_reader:9.2:::::::* cpe:2.3:a:adobe:flash_player:9.0.31:::::::* cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.283.0:::::::* cpe:2.3:a:adobe:flash_player:10.1.92.10:::::::* cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.1:::::::* cpe:2.3:a:adobe:flash_player:10.1.53.64:::::::* cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::* cpe:2.3:a:adobe:flash_player:10.1.102.64:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4.1:::::::* cpe:2.3:a:adobe:acrobat:9.3.2:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::* cpe:2.3:a:adobe:flash_player:7.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1:::::::* cpe:2.3:a:adobe:flash_player:10.1.85.3:::::::* cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.16:::::::* cpe:2.3:a:adobe:flash_player:10.1.52.14.1:::::::* cpe:2.3:a:adobe:flash_player:10.2.152.32:::::::* cpe:2.3:a:adobe:flash_player:7.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::* cpe:2.3:a:adobe:acrobat:9.1.3:::::::* cpe:2.3:a:adobe:acrobat:9.3:::::::* cpe:2.3:a:adobe:acrobat:9.4.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::* cpe:2.3:a:adobe:flash_player:10.2.152.33:::::::* cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:10.0.42.34:::::::* cpe:2.3:a:adobe:acrobat:9.3.4:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4.2:::::::* cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::* cpe:2.3:a:adobe:flash_player:10.0.45.2:::::::* cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4:::::::* cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::* cpe:2.3:o:google:android:::::::: cpe:2.3:a:adobe:acrobat_reader:9.1.3:::::::* cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::* cpe:2.3:a:adobe:flash_player:10.2.152:::::::* cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::* cpe:2.3:a:adobe:flash_player:10.1.95.1:::::::* cpe:2.3:a:adobe:flash_player:10.1.105.6:::::::* cpe:2.3:a:adobe:flash_player:6.0.79:::::::* cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::* cpe:2.3:o:microsoft:windows:::::::: cpe:2.3:a:adobe:flash_player:7.2:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:a:adobe:acrobat_reader:9.3.3:::::::* cpe:2.3:a:adobe:acrobat:9.3.3:::::::* cpe:2.3:a:adobe:flash_player:9.0:::::::* cpe:2.3:a:adobe:flash_player:10.1.92.8:::::::* cpe:2.3:a:adobe:flash_player:10.0.32.18:::::::* cpe:2.3:a:adobe:flash_player:9.0.277.0:::::::* cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::* cpe:2.3:a:adobe:flash_player:8.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.114.0:::::::* cpe:2.3:a:adobe:flash_player:7.1:::::::* cpe:2.3:a:adobe:acrobat:9.4.1:::::::* cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::* cpe:2.3:o:oracle:solaris:::::::: cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.155.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.25:::::::* cpe:2.3:a:adobe:flash_player:10.1.52.15:::::::* cpe:2.3:a:adobe:acrobat:9.2:::::::*	cpe:2.3:a:adobe:acrobat:::::::: cpe:2.3:a:adobe:air:::::::: cpe:2.3:o:opensuse:opensuse:11.4:::::::* cpe:2.3:o:opensuse:opensuse:11.2:::::::* cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:o:suse:linux_enterprise:11.0:sp1:::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:oracle:solaris:-:::::::* cpe:2.3:o:google:android:-:::::::* cpe:2.3:o:apple:mac_os_x:-:::::::* cpe:2.3:o:google:chrome_os:-:::::::* cpe:2.3:o:opensuse:opensuse:11.3:::::::* cpe:2.3:o:suse:linux_enterprise:10.0:sp3:::::: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:google:chrome:::::::: cpe:2.3:a:adobe:acrobat_reader::::::::
CVSS	v2 : ~~9.3~~ v3 : ~~unknown~~	v2 : 9.3 v3 : 7.8
References	~~() http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html -~~	() http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html - Broken Link
References	~~() http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html -~~	() http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html - Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html - Mailing List, Third Party Advisory
References	~~() http://secunia.com/advisories/43751 -~~	() http://secunia.com/advisories/43751 - Broken Link
References	~~() http://secunia.com/advisories/43757 -~~	() http://secunia.com/advisories/43757 - Broken Link
References	~~() http://secunia.com/advisories/43772 -~~	() http://secunia.com/advisories/43772 - Broken Link
References	~~() http://secunia.com/advisories/43856 -~~	() http://secunia.com/advisories/43856 - Broken Link
References	~~() http://securityreason.com/securityalert/8152 -~~	() http://securityreason.com/securityalert/8152 - Broken Link
References	~~() http://www.adobe.com/support/security/bulletins/apsb11-06.html -~~	() http://www.adobe.com/support/security/bulletins/apsb11-06.html - Not Applicable
References	~~() http://www.kb.cert.org/vuls/id/192052 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/192052 - Third Party Advisory, US Government Resource
References	~~() http://www.redhat.com/support/errata/RHSA-2011-0372.html -~~	() http://www.redhat.com/support/errata/RHSA-2011-0372.html - Broken Link
References	~~() http://www.securityfocus.com/bid/46860 -~~	() http://www.securityfocus.com/bid/46860 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id?1025210 -~~	() http://www.securitytracker.com/id?1025210 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id?1025211 -~~	() http://www.securitytracker.com/id?1025211 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id?1025238 -~~	() http://www.securitytracker.com/id?1025238 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.vupen.com/english/advisories/2011/0655 -~~	() http://www.vupen.com/english/advisories/2011/0655 - Broken Link
References	~~() http://www.vupen.com/english/advisories/2011/0656 -~~	() http://www.vupen.com/english/advisories/2011/0656 - Broken Link
References	~~() http://www.vupen.com/english/advisories/2011/0688 -~~	() http://www.vupen.com/english/advisories/2011/0688 - Broken Link
References	~~() http://www.vupen.com/english/advisories/2011/0732 -~~	() http://www.vupen.com/english/advisories/2011/0732 - Broken Link
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/66078 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/66078 - Third Party Advisory, VDB Entry
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147 - Broken Link

7.8 /10