CVE-2011-0609 - Vulnerability Details

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since June 8, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Adobe	Acrobat Acrobat Reader Air Flash Player
Apple	Mac Os X Macos
Google	Android Chrome Chrome Os
Linux	Linux Kernel
Microsoft	Windows
Opensuse	Opensuse
Oracle	Solaris
Redhat	Rhel Extras
Suse	Linux Enterprise

Configuration 1 [-]

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:oracle:solaris:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat:10.0:::::::*
	cpe:2.3:a:adobe:acrobat:10.0.1:::::::*
	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader:10.0:::::::*
	cpe:2.3:a:adobe:acrobat_reader:10.0.1:::::::*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 4 [-]

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:suse:linux_enterprise:10.0:sp3::::::
	cpe:2.3:o:suse:linux_enterprise:11.0:sp1::::::

Configuration 6 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:google:chrome_os:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Supplementary
flash-plugin-0:10.2.153.1-1.el6	cpe:/a:redhat:rhel_extras:6	RHSA-2011:0372	2011-03-22T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
flash-plugin-0:10.2.153.1-1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2011:0372	2011-03-22T00:00:00Z

References

Link	Providers
http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43751
http://secunia.com/advisories/43757
http://secunia.com/advisories/43772
http://secunia.com/advisories/43856
http://securityreason.com/securityalert/8152
http://www.adobe.com/support/security/advisories/apsa11-01.html
http://www.adobe.com/support/security/bulletins/apsb11-06.html
http://www.kb.cert.org/vuls/id/192052
http://www.redhat.com/support/errata/RHSA-2011-0372.html
http://www.securityfocus.com/bid/46860
http://www.securitytracker.com/id?1025210
http://www.securitytracker.com/id?1025211
http://www.securitytracker.com/id?1025238
http://www.vupen.com/english/advisories/2011/0655
http://www.vupen.com/english/advisories/2011/0656
http://www.vupen.com/english/advisories/2011/0688
http://www.vupen.com/english/advisories/2011/0732
https://exchange.xforce.ibmcloud.com/vulnerabilities/66078
https://nvd.nist.gov/vuln/detail/CVE-2011-0609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2011-0609

History

Tue, 04 Feb 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-06-08'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 23:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2011-03-15T17:00:00.000Z

Updated: 2025-02-04T21:47:12.409Z

Reserved: 2011-01-20T00:00:00.000Z

Link: CVE-2011-0609

Vulnrichment

Updated: 2024-08-06T21:58:26.021Z

NVD

Status : Deferred

Published: 2011-03-15T17:55:03.827

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-0609

Redhat

Severity : Critical

Publid Date: 2011-03-14T00:00:00Z

Links: CVE-2011-0609 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "46860", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46860"}, {"tags": ["x_refsource_MISC"], "url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html"}, {"name": "ADV-2011-0732", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0732"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html"}, {"name": "43751", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43751"}, {"name": "oval:org.mitre.oval:def:14147", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147"}, {"name": "ADV-2011-0656", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0656"}, {"name": "1025211", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025211"}, {"name": "SUSE-SR:2011:005", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"name": "adobe-flash-authplay-ce(66078)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078"}, {"name": "ADV-2011-0655", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0655"}, {"name": "1025210", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025210"}, {"name": "43856", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43856"}, {"name": "VU#192052", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/192052"}, {"name": "43772", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43772"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html"}, {"name": "8152", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8152"}, {"name": "1025238", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025238"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html"}, {"name": "RHSA-2011:0372", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html"}, {"name": "43757", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43757"}, {"name": "ADV-2011-0688", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0688"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0609", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "46860", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46860"}, {"name": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html", "refsource": "MISC", "url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html"}, {"name": "ADV-2011-0732", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0732"}, {"name": "http://www.adobe.com/support/security/advisories/apsa11-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html"}, {"name": "43751", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43751"}, {"name": "oval:org.mitre.oval:def:14147", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147"}, {"name": "ADV-2011-0656", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0656"}, {"name": "1025211", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025211"}, {"name": "SUSE-SR:2011:005", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"name": "adobe-flash-authplay-ce(66078)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078"}, {"name": "ADV-2011-0655", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0655"}, {"name": "1025210", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025210"}, {"name": "43856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43856"}, {"name": "VU#192052", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/192052"}, {"name": "43772", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43772"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb11-06.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html"}, {"name": "8152", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8152"}, {"name": "1025238", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025238"}, {"name": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html", "refsource": "CONFIRM", "url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html"}, {"name": "RHSA-2011:0372", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html"}, {"name": "43757", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43757"}, {"name": "ADV-2011-0688", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0688"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:58:26.021Z"}, "title": "CVE Program Container", "references": [{"name": "46860", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46860"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html"}, {"name": "ADV-2011-0732", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0732"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html"}, {"name": "43751", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43751"}, {"name": "oval:org.mitre.oval:def:14147", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147"}, {"name": "ADV-2011-0656", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0656"}, {"name": "1025211", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025211"}, {"name": "SUSE-SR:2011:005", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"name": "adobe-flash-authplay-ce(66078)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078"}, {"name": "ADV-2011-0655", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0655"}, {"name": "1025210", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025210"}, {"name": "43856", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43856"}, {"name": "VU#192052", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/192052"}, {"name": "43772", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43772"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html"}, {"name": "8152", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8152"}, {"name": "1025238", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025238"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html"}, {"name": "RHSA-2011:0372", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html"}, {"name": "43757", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43757"}, {"name": "ADV-2011-0688", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0688"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T21:47:08.155297Z", "id": "CVE-2011-0609", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-06-08", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-0609"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:47:12.409Z"}}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-0609", "datePublished": "2011-03-15T17:00:00.000Z", "dateReserved": "2011-01-20T00:00:00.000Z", "dateUpdated": "2025-02-04T21:47:12.409Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securityfocus.com/bid/46860", "name": "46860", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2011/0732", "name": "ADV-2011-0732", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://www.adobe.com/support/security/advisories/apsa11-01.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://secunia.com/advisories/43751", "name": "43751", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147", "name": "oval:org.mitre.oval:def:14147", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2011/0656", "name": "ADV-2011-0656", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://www.securitytracker.com/id?1025211", "name": "1025211", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", "name": "SUSE-SR:2011:005", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078", "name": "adobe-flash-authplay-ce(66078)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2011/0655", "name": "ADV-2011-0655", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://www.securitytracker.com/id?1025210", "name": "1025210", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://secunia.com/advisories/43856", "name": "43856", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://www.kb.cert.org/vuls/id/192052", "name": "VU#192052", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"]}, {"url": "http://secunia.com/advisories/43772", "name": "43772", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://securityreason.com/securityalert/8152", "name": "8152", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"]}, {"url": "http://www.securitytracker.com/id?1025238", "name": "1025238", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html", "name": "RHSA-2011:0372", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://secunia.com/advisories/43757", "name": "43757", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2011/0688", "name": "ADV-2011-0688", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:58:26.021Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2011-0609", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T21:47:08.155297Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-06-08", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-0609"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:46:55.429Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-14T00:00:00.000Z", "references": [{"url": "http://www.securityfocus.com/bid/46860", "name": "46860", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html", "tags": ["x_refsource_MISC"]}, {"url": "http://www.vupen.com/english/advisories/2011/0732", "name": "ADV-2011-0732", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://www.adobe.com/support/security/advisories/apsa11-01.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://secunia.com/advisories/43751", "name": "43751", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147", "name": "oval:org.mitre.oval:def:14147", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"]}, {"url": "http://www.vupen.com/english/advisories/2011/0656", "name": "ADV-2011-0656", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://www.securitytracker.com/id?1025211", "name": "1025211", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", "name": "SUSE-SR:2011:005", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078", "name": "adobe-flash-authplay-ce(66078)", "tags": ["vdb-entry", "x_refsource_XF"]}, {"url": "http://www.vupen.com/english/advisories/2011/0655", "name": "ADV-2011-0655", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://www.securitytracker.com/id?1025210", "name": "1025210", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://secunia.com/advisories/43856", "name": "43856", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://www.kb.cert.org/vuls/id/192052", "name": "VU#192052", "tags": ["third-party-advisory", "x_refsource_CERT-VN"]}, {"url": "http://secunia.com/advisories/43772", "name": "43772", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://securityreason.com/securityalert/8152", "name": "8152", "tags": ["third-party-advisory", "x_refsource_SREASON"]}, {"url": "http://www.securitytracker.com/id?1025238", "name": "1025238", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html", "name": "RHSA-2011:0372", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://secunia.com/advisories/43757", "name": "43757", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://www.vupen.com/english/advisories/2011/0688", "name": "ADV-2011-0688", "tags": ["vdb-entry", "x_refsource_VUPEN"]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2017-09-18T12:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/46860", "name": "46860", "refsource": "BID"}, {"url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html", "name": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html", "refsource": "MISC"}, {"url": "http://www.vupen.com/english/advisories/2011/0732", "name": "ADV-2011-0732", "refsource": "VUPEN"}, {"url": "http://www.adobe.com/support/security/advisories/apsa11-01.html", "name": "http://www.adobe.com/support/security/advisories/apsa11-01.html", "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/43751", "name": "43751", "refsource": "SECUNIA"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147", "name": "oval:org.mitre.oval:def:14147", "refsource": "OVAL"}, {"url": "http://www.vupen.com/english/advisories/2011/0656", "name": "ADV-2011-0656", "refsource": "VUPEN"}, {"url": "http://www.securitytracker.com/id?1025211", "name": "1025211", "refsource": "SECTRACK"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", "name": "SUSE-SR:2011:005", "refsource": "SUSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078", "name": "adobe-flash-authplay-ce(66078)", "refsource": "XF"}, {"url": "http://www.vupen.com/english/advisories/2011/0655", "name": "ADV-2011-0655", "refsource": "VUPEN"}, {"url": "http://www.securitytracker.com/id?1025210", "name": "1025210", "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/43856", "name": "43856", "refsource": "SECUNIA"}, {"url": "http://www.kb.cert.org/vuls/id/192052", "name": "VU#192052", "refsource": "CERT-VN"}, {"url": "http://secunia.com/advisories/43772", "name": "43772", "refsource": "SECUNIA"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html", "name": "http://www.adobe.com/support/security/bulletins/apsb11-06.html", "refsource": "CONFIRM"}, {"url": "http://securityreason.com/securityalert/8152", "name": "8152", "refsource": "SREASON"}, {"url": "http://www.securitytracker.com/id?1025238", "name": "1025238", "refsource": "SECTRACK"}, {"url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html", "name": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html", "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html", "name": "RHSA-2011:0372", "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/43757", "name": "43757", "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0688", "name": "ADV-2011-0688", "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-0609", "STATE": "PUBLIC", "ASSIGNER": "psirt@adobe.com"}}}}, "cveMetadata": {"cveId": "CVE-2011-0609", "state": "PUBLISHED", "dateUpdated": "2025-02-04T21:47:12.409Z", "dateReserved": "2011-01-20T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2011-03-15T17:00:00.000Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-06-22", "cisaExploitAdd": "2022-06-08", "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.", "cisaVulnerabilityName": "Adobe Flash Player Unspecified Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CE70003-27CE-4189-8F09-E8E25168BDC2", "versionEndIncluding": "10.2.154.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}, {"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6F057DF-F6F8-4D20-B32C-930CD93347C6", "versionEndIncluding": "10.1.106.16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3842B12-98F1-47D5-8EC2-F76BB6737D2D", "versionEndIncluding": "9.4.2", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "B57C5136-7853-478B-A342-6013528B41B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC1E1EE7-379E-4047-962D-0A311EB0DB1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6EAD79A-9A1B-4EF4-9DC8-50FB4EF97718", "versionEndIncluding": "9.4.2", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9731EFE2-A5BE-4389-A92D-DDC573633B6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9B4B357-27C7-4926-936C-A100A7AD538B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EA2B712-1B02-4BBA-A46C-00858320FD25", "versionEndIncluding": "2.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "1193A7E6-DCB4-4E79-A509-1D6948153A57", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "4500161F-13A0-4369-B93A-778B34E7F005", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC8CA74-41F7-4449-8FAA-5B181E198529", "versionEndExcluding": "10.0.648.134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Adobe Flash Player 10.2.154.13 y versiones anteriores en Windows, Mac OS X, Linux y Solaris, y 10.1.106.16 y anteriores en Android, y Authplay.dll (AuthPlayLib.bundle) de Adobe Reader y Acrobat 9.x hasta 9.4.2 y 10.x hasta 10.0.1 en Windows y Mac OS X. Permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de contenido Flash modificado, como se ha demostrado con un fichero .swf embebido en una hoja de c\u00e1lculo Excel. Se ha explotado en Internet en Marzo del 2011."}], "id": "CVE-2011-0609", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2011-03-15T17:55:03.827", "references": [{"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43751"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43757"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43772"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43856"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://securityreason.com/securityalert/8152"}, {"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html"}, {"source": "psirt@adobe.com", "tags": ["Not Applicable"], "url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/192052"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/46860"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1025210"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1025211"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1025238"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0655"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0656"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0688"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0732"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43751"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43757"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://securityreason.com/securityalert/8152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/192052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/46860"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1025210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1025211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1025238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0655"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0688"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0372", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "flash-plugin-0:10.2.153.1-1.el6", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2011-03-22T00:00:00Z"}, {"advisory": "RHSA-2011:0372", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "flash-plugin-0:10.2.153.1-1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2011-03-22T00:00:00Z"}], "bugzilla": {"description": "flash-plugin: crash and potential arbitrary code execution (APSB11-05)", "id": "684988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684988"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011."], "name": "CVE-2011-0609", "public_date": "2011-03-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-0609\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0609\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object