CVE-2011-0609

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
Severity
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Atk. Vector
LOCAL
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
adobeflash_player
𝑥
≤ 10.2.154.13
adobeflash_player
𝑥
≤ 10.1.106.16
adobeacrobat
9.0 ≤
𝑥
≤ 9.4.2
adobeacrobat
10.0
adobeacrobat
10.0.1
adobeacrobat_reader
9.0 ≤
𝑥
≤ 9.4.2
adobeacrobat_reader
10.0
adobeacrobat_reader
10.0.1
adobeair
𝑥
≤ 2.5.1
opensuseopensuse
11.2
opensuseopensuse
11.3
opensuseopensuse
11.4
suselinux_enterprise
10.0
suselinux_enterprise
11.0
googlechrome
𝑥
< 10.0.648.134
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
acroread
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
not-affected
dapper
ignored
adobe-flashplugin
maverick
Fixed 10.2.153.1-0maverick1
released
lucid
Fixed 10.2.153.1-0lucid1
released
karmic
Fixed 10.2.153.1-0karmic1
released
hardy
Fixed 10.2.153.1-0hardy1
released
dapper
dne
flashplugin-nonfree
maverick
Fixed 10.2.153.1ubuntu0.10.10.1
released
lucid
Fixed 10.2.153.1ubuntu0.10.04.1
released
karmic
Fixed 10.2.153.1ubuntu0.9.10.1
released
hardy
Fixed 10.2.153.1ubuntu0.8.04.2
released
dapper
ignored
References