CVE-2011-0611

13.04.2011, 14:55

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

Type Confusion

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
adobe	CNA	---				---
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
adobe	flash_player	𝑥 < 10.2.154.27
adobe	flash_player	𝑥 ≤ 10.2.156.12
adobe	acrobat_reader	9.0 ≤ 𝑥 < 9.4.4
adobe	acrobat_reader	10.0 ≤ 𝑥 ≤ 10.0.1
adobe	adobe_air	𝑥 < 2.6.19140
adobe	acrobat_reader	9.0 ≤ 𝑥 < 9.4.4
adobe	acrobat_reader	10.0 ≤ 𝑥 < 10.0.3
adobe	acrobat	9.0 ≤ 𝑥 < 9.4
adobe	acrobat	10.0 ≤ 𝑥 < 10.0.3
google	chrome	𝑥 < 10.0.648.205
opensuse	opensuse	11.2
opensuse	opensuse	11.3
opensuse	opensuse	11.4

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

acroread

natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
hardy	not-affected
dapper	ignored

adobe-flashplugin

natty	Fixed 10.2.159.1-0natty1 released
maverick	Fixed 10.2.159.1-0maverick1 released
lucid	Fixed 10.2.159.1-0lucid1 released
karmic	Fixed 10.2.159.1-0karmic1 released
hardy	Fixed 10.2.159.1-0hardy1 released
dapper	dne

adobeair

natty	Fixed 1:2.6.0.19140-0natty1 released
maverick	Fixed 1:2.6.0.19140-0maverick1 released
lucid	Fixed 1:2.6.0.19140-0lucid1 released
hardy	ignored
dapper	dne

flashplugin-nonfree

natty	Fixed 10.2.159.1ubuntu1 released
maverick	Fixed 10.2.159.1ubuntu0.10.10.1 released
lucid	Fixed 10.2.159.1ubuntu0.10.04.1 released
karmic	Fixed 10.2.159.1ubuntu0.9.10.1 released
hardy	Fixed 10.2.159.1ubuntu0.8.04.1 released
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References

http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx

http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html

http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html

http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html

http://secunia.com/advisories/44119

http://secunia.com/advisories/44141

http://secunia.com/advisories/44149

http://secunia.com/blog/210/

http://securityreason.com/securityalert/8204

http://securityreason.com/securityalert/8292

http://www.adobe.com/support/security/advisories/apsa11-02.html

http://www.adobe.com/support/security/bulletins/apsb11-07.html

http://www.adobe.com/support/security/bulletins/apsb11-08.html

http://www.exploit-db.com/exploits/17175

http://www.kb.cert.org/vuls/id/230057

http://www.redhat.com/support/errata/RHSA-2011-0451.html

http://www.securityfocus.com/bid/47314

http://www.securitytracker.com/id?1025324

http://www.securitytracker.com/id?1025325

http://www.vupen.com/english/advisories/2011/0922

http://www.vupen.com/english/advisories/2011/0923

http://www.vupen.com/english/advisories/2011/0924

https://exchange.xforce.ibmcloud.com/vulnerabilities/66681

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175

http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx

http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html

http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html

http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html

http://secunia.com/advisories/44119

http://secunia.com/advisories/44141

http://secunia.com/advisories/44149

http://secunia.com/blog/210/

http://securityreason.com/securityalert/8204

http://securityreason.com/securityalert/8292

http://www.adobe.com/support/security/advisories/apsa11-02.html

http://www.adobe.com/support/security/bulletins/apsb11-07.html

http://www.adobe.com/support/security/bulletins/apsb11-08.html

http://www.exploit-db.com/exploits/17175

http://www.kb.cert.org/vuls/id/230057

http://www.redhat.com/support/errata/RHSA-2011-0451.html

http://www.securityfocus.com/bid/47314

http://www.securitytracker.com/id?1025324

http://www.securitytracker.com/id?1025325

http://www.vupen.com/english/advisories/2011/0922

http://www.vupen.com/english/advisories/2011/0923

http://www.vupen.com/english/advisories/2011/0924

https://exchange.xforce.ibmcloud.com/vulnerabilities/66681

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175