CVE-2011-0609
critical-risk
Published 2011-03-15
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
Do I need to act?
92.1% chance of exploitation in next 30 days
EPSS score — higher than 8% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 · High · LOCAL / LOW complexity
Affected Products (14)
References (45)
Third Party Advisory: http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates...
Broken Link: http://secunia.com/advisories/43751
Broken Link: http://secunia.com/advisories/43757
Broken Link: http://secunia.com/advisories/43772
Broken Link: http://secunia.com/advisories/43856
Broken Link: http://securityreason.com/securityalert/8152
Vendor Advisory: http://www.adobe.com/support/security/advisories/apsa11-01.html
Third Party Advisory: http://www.kb.cert.org/vuls/id/192052
Broken Link: http://www.securityfocus.com/bid/46860
Broken Link: http://www.securitytracker.com/id?1025210
Broken Link: http://www.securitytracker.com/id?1025211
Broken Link: http://www.securitytracker.com/id?1025238
and 25 more references
76 / 100 · critical-risk
Severity: 24/34 · High
Exploitability: 34/34 · Critical
Exposure: 18/34 · Moderate