CVE-2011-0609

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 15 March 2011
Modified: 21 April 2026
KEV added: 08 June 2022
CVSS v3.1 score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS score: 0.9208 (99.7th percentile)
Risk priority: 91 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2011-0609 is a high-severity vulnerability of unspecified weakness type affecting Microsoft Windows systems. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).

Deeper analysis

The unspecified vulnerability affects Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; Flash Player 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (also known as AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X. It permits remote attackers to execute arbitrary code or crash the application through specially crafted Flash content, such as an embedded .swf file.

Attackers can deliver the malicious content via documents or web pages that load Flash, enabling code execution or denial of service on systems where affected components process the input. The flaw was demonstrated in an Excel spreadsheet containing embedded Flash and saw active exploitation in the wild during March 2011.

Adobe, Google Chrome, openSUSE, and Secunia advisories address the issue through updated Flash Player, AIR, and Reader releases that remediate the flaw, along with guidance to apply patches promptly and disable Flash where feasible. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact for a local attack vector that requires user interaction.

Vulnerability details

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.


Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor     Product           Affected versions
adobe      flash player      ≤ 10.2.154.13 (Windows, Mac OS X, Linux, Solaris) · ≤ 10.1.106.16 (Android)
adobe      acrobat           10.0, 10.0.1 · 9.0 through 9.4.2
adobe      acrobat reader    10.0, 10.0.1 · 9.0 through 9.4.2
adobe      air               ≤ 2.5.1
opensuse   opensuse          11.2, 11.3, 11.4
suse       linux enterprise  10.0, 11.0
google     chrome            ≤ 10.0.648.134

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly requires timely installation of vendor patches that remediate the Flash/Reader code-execution flaw.

SC-18 Mobile Code (prevent): Explicitly governs the use and restrictions of mobile code such as Flash content, which is the attack vector here.

Additional control (prevent): Enforces disabling or limiting Flash Player and AIR on systems where the capability is not required.

References