CVE-2011-0609
Published: 15 March 2011
Summary
CVE-2011-0609 is a high-severity an unspecified weakness vulnerability in Microsoft Windows. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).
Deeper analysis
The unspecified vulnerability affects Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; Flash Player 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (also known as AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X. It permits remote attackers to execute arbitrary code or crash the application through specially crafted Flash content, such as an embedded .swf file.
Attackers can deliver the malicious content via documents or web pages that load Flash, enabling code execution or denial of service on systems where affected components process the input. The flaw was demonstrated in an Excel spreadsheet containing embedded Flash and saw active exploitation in the wild during March 2011.
Adobe, Google Chrome, openSUSE, and Secunia advisories address the issue through updated Flash Player, AIR, and Reader releases that remediate the flaw, along with guidance to apply patches promptly and disable Flash where feasible. The vulnerability carried a CVSS 7.8 score reflecting high impact under local access with user interaction.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2011-0627
Vulnerability details
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and…
more
10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
- CWE(s)
- KEV Date Added
- 08 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of vendor patches that remediate the Flash/Reader code-execution flaw.
Explicitly governs the use and restrictions of mobile code such as Flash content that is the attack vector.
Enforces disabling or limiting Flash Player and AIR on systems where the capability is not required.