CVE-2011-0611

8.8 HIGH CISA KEV - Actively Exploited
Published: April 13, 2011 Modified: October 22, 2025
View on NVD

Description

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx
Source: psirt@adobe.com
Not Applicable
http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html
Source: psirt@adobe.com
Exploit
http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
Source: psirt@adobe.com
Exploit Issue Tracking
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
Source: psirt@adobe.com
Release Notes
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html
Source: psirt@adobe.com
Mailing List Patch
http://secunia.com/advisories/44119
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://secunia.com/advisories/44141
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://secunia.com/advisories/44149
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://secunia.com/blog/210/
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://securityreason.com/securityalert/8204
Source: psirt@adobe.com
Third Party Advisory
http://securityreason.com/securityalert/8292
Source: psirt@adobe.com
Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa11-02.html
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb11-07.html
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb11-08.html
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://www.exploit-db.com/exploits/17175
Source: psirt@adobe.com
Exploit Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/230057
Source: psirt@adobe.com
Broken Link Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2011-0451.html
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://www.securityfocus.com/bid/47314
Source: psirt@adobe.com
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025324
Source: psirt@adobe.com
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025325
Source: psirt@adobe.com
Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0922
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2011/0923
Source: psirt@adobe.com
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2011/0924
Source: psirt@adobe.com
Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66681
Source: psirt@adobe.com
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175
Source: psirt@adobe.com
Broken Link
http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Issue Tracking
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Patch
http://secunia.com/advisories/44119
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/44141
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/44149
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/blog/210/
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://securityreason.com/securityalert/8204
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securityreason.com/securityalert/8292
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa11-02.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb11-07.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb11-08.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.exploit-db.com/exploits/17175
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/230057
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2011-0451.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.securityfocus.com/bid/47314
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025324
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025325
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0922
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2011/0923
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2011/0924
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66681
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

51 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.8 / 10.0
EPSS (Exploit Probability)
93.7%
100th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-03-24

Weaknesses (CWE)

CWE-843 CWE-843

Affected Vendors

suse adobe linux oracle google microsoft apple opensuse

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3