CVE-2011-0609
Vexday Risk Score
98 · Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8 · EPSS 66.8% · KEV yes · Public PoC · Nuclei — · Metasploit yes · Patch referenced
Lifecycle
15 Mar 2011 · Metasploit module available
15 Mar 2011 · Published on NVD
23 Mar 2011 · Public PoC
08 Jun 2022 · Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
Who exploits it — 1
Groups known to exploit this vulnerability (MITRE ATT&CK attribution).
In short
A flaw in Adobe Flash Player and Adobe Reader/Acrobat allows attackers to run malicious code or crash the application when you open a specially crafted file, such as a Flash movie hidden in a document or spreadsheet.
Technical detail
Unspecified vulnerability in Adobe Flash Player (≤10.2.154.13), Adobe AIR (≤2.5.1), and AuthPlay.dll in Adobe Reader/Acrobat (9.x–10.0.1) enables remote code execution or denial of service via crafted SWF content; attack vector is opening malicious documents or embedded Flash files; exploited in the wild via Excel spreadsheets in March 2011.
Summary generated and translated by AI from the official description.
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb · www.exploit-db.com/exploits/17027 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43751
http://secunia.com/advisories/43757
http://secunia.com/advisories/43772
http://secunia.com/advisories/43856
http://securityreason.com/securityalert/8152
https://exchange.xforce.ibmcloud.com/vulnerabilities/66078
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0609
http://www.adobe.com/support/security/advisories/apsa11-01.html