Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

CVE-2014-0502 (GCVE-0-2014-0502)

Vulnerability from nvd

Published

2014-02-21 02:00

Modified

2025-10-22 00:05

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

n/a

Summary

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html	vendor-advisory, x_refsource_SUSE
	https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html	x_refsource_MISC
	http://security.gentoo.org/glsa/glsa-201405-04.xml	vendor-advisory, x_refsource_GENTOO
	http://helpx.adobe.com/security/products/flash-player/apsb14-07.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2014-0196.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:18.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:0278",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html"
          },
          {
            "name": "GLSA-201405-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"
          },
          {
            "name": "RHSA-2014:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"
          },
          {
            "name": "SUSE-SU-2014:0290",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2014:0277",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flash_player",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "11.7.700.269",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.0.70",
                "status": "affected",
                "version": "11.8.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flash_player",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "11.7.700.269",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.0.70",
                "status": "affected",
                "version": "11.8.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "air",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "4.0.0.1628",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "air_sdk",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "4.0.0.1628",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-09-17",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0502"
              },
              "type": "kev"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2014-0502",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-20T03:55:21.518965Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:38.853Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0502"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-09-17T00:00:00+00:00",
            "value": "CVE-2014-0502 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK \u0026 Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-18T20:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:0278",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html"
        },
        {
          "name": "GLSA-201405-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"
        },
        {
          "name": "RHSA-2014:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"
        },
        {
          "name": "SUSE-SU-2014:0290",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2014:0277",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2014-0502",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK \u0026 Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:0278",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"
            },
            {
              "name": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html",
              "refsource": "MISC",
              "url": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html"
            },
            {
              "name": "GLSA-201405-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
            },
            {
              "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html",
              "refsource": "CONFIRM",
              "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"
            },
            {
              "name": "RHSA-2014:0196",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"
            },
            {
              "name": "SUSE-SU-2014:0290",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2014:0277",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"
            },
            {
              "name": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/",
              "refsource": "MISC",
              "url": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2014-0502",
    "datePublished": "2014-02-21T02:00:00.000Z",
    "dateReserved": "2013-12-20T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:38.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0611 (GCVE-0-2011-0611)

Vulnerability from nvd

Published

2011-04-13 14:00

Modified

2025-10-22 00:05

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

n/a

Summary

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

References

URL

Tags

	http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175	vdb-entry, signature, x_refsource_OVAL
	http://www.securityfocus.com/bid/47314	vdb-entry, x_refsource_BID
	http://secunia.com/blog/210/	x_refsource_MISC
	http://securityreason.com/securityalert/8204	third-party-advisory, x_refsource_SREASON
	http://www.vupen.com/english/advisories/2011/0922	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2011-0451.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://www.adobe.com/support/security/bulletins/apsb11-07.html	x_refsource_CONFIRM
	http://securityreason.com/securityalert/8292	third-party-advisory, x_refsource_SREASON
	http://secunia.com/advisories/44149	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/44141	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/66681	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2011/0924	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1025325	vdb-entry, x_refsource_SECTRACK
	http://www.exploit-db.com/exploits/17175	exploit, x_refsource_EXPLOIT-DB
	http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx	x_refsource_MISC
	http://secunia.com/advisories/44119	third-party-advisory, x_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/230057	third-party-advisory, x_refsource_CERT-VN
	http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2011/0923	vdb-entry, x_refsource_VUPEN
	http://www.adobe.com/support/security/advisories/apsa11-02.html	x_refsource_CONFIRM
	http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html	x_refsource_CONFIRM
	http://www.adobe.com/support/security/bulletins/apsb11-08.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1025324	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flash_player",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.2.154.27",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "air",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "2.6.19140",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "reader",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "9.4.4",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:reader:10.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "reader",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.0.3",
                "status": "affected",
                "version": "10.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "acrobat",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.0.3",
                "status": "affected",
                "version": "10.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "acrobat",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "9.4.4",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2011-0611",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-02T14:05:34.031031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:49.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00+00:00",
            "value": "CVE-2011-0611 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:26.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14175",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
          },
          {
            "name": "47314",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47314"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/blog/210/"
          },
          {
            "name": "8204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8204"
          },
          {
            "name": "ADV-2011-0922",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0922"
          },
          {
            "name": "RHSA-2011:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
          },
          {
            "name": "SUSE-SA:2011:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
          },
          {
            "name": "8292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8292"
          },
          {
            "name": "44149",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44149"
          },
          {
            "name": "44141",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44141"
          },
          {
            "name": "adobe-flash-swf-doc-ce(66681)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
          },
          {
            "name": "ADV-2011-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0924"
          },
          {
            "name": "1025325",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025325"
          },
          {
            "name": "17175",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17175"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
          },
          {
            "name": "44119",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44119"
          },
          {
            "name": "VU#230057",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/230057"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
          },
          {
            "name": "ADV-2011-0923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0923"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
          },
          {
            "name": "1025324",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025324"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14175",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
        },
        {
          "name": "47314",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47314"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/blog/210/"
        },
        {
          "name": "8204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8204"
        },
        {
          "name": "ADV-2011-0922",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0922"
        },
        {
          "name": "RHSA-2011:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
        },
        {
          "name": "SUSE-SA:2011:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
        },
        {
          "name": "8292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8292"
        },
        {
          "name": "44149",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44149"
        },
        {
          "name": "44141",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44141"
        },
        {
          "name": "adobe-flash-swf-doc-ce(66681)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
        },
        {
          "name": "ADV-2011-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0924"
        },
        {
          "name": "1025325",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025325"
        },
        {
          "name": "17175",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17175"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
        },
        {
          "name": "44119",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44119"
        },
        {
          "name": "VU#230057",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/230057"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
        },
        {
          "name": "ADV-2011-0923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0923"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
        },
        {
          "name": "1025324",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025324"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2011-0611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html",
              "refsource": "MISC",
              "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14175",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
            },
            {
              "name": "47314",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47314"
            },
            {
              "name": "http://secunia.com/blog/210/",
              "refsource": "MISC",
              "url": "http://secunia.com/blog/210/"
            },
            {
              "name": "8204",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8204"
            },
            {
              "name": "ADV-2011-0922",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0922"
            },
            {
              "name": "RHSA-2011:0451",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
            },
            {
              "name": "SUSE-SA:2011:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-07.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
            },
            {
              "name": "8292",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8292"
            },
            {
              "name": "44149",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44149"
            },
            {
              "name": "44141",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44141"
            },
            {
              "name": "adobe-flash-swf-doc-ce(66681)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
            },
            {
              "name": "ADV-2011-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0924"
            },
            {
              "name": "1025325",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025325"
            },
            {
              "name": "17175",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17175"
            },
            {
              "name": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
            },
            {
              "name": "44119",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44119"
            },
            {
              "name": "VU#230057",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/230057"
            },
            {
              "name": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html",
              "refsource": "MISC",
              "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
            },
            {
              "name": "ADV-2011-0923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0923"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa11-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-08.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
            },
            {
              "name": "1025324",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025324"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2011-0611",
    "datePublished": "2011-04-13T14:00:00.000Z",
    "dateReserved": "2011-01-20T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:49.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0502 (GCVE-0-2014-0502)

Vulnerability from cvelistv5

Published

2014-02-21 02:00

Modified

2025-10-22 00:05

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

n/a

Summary

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html	vendor-advisory, x_refsource_SUSE
	https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html	x_refsource_MISC
	http://security.gentoo.org/glsa/glsa-201405-04.xml	vendor-advisory, x_refsource_GENTOO
	http://helpx.adobe.com/security/products/flash-player/apsb14-07.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2014-0196.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:18.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:0278",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html"
          },
          {
            "name": "GLSA-201405-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"
          },
          {
            "name": "RHSA-2014:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"
          },
          {
            "name": "SUSE-SU-2014:0290",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2014:0277",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flash_player",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "11.7.700.269",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.0.70",
                "status": "affected",
                "version": "11.8.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flash_player",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "11.7.700.269",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.0.70",
                "status": "affected",
                "version": "11.8.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "air",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "4.0.0.1628",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "air_sdk",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "4.0.0.1628",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-09-17",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0502"
              },
              "type": "kev"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2014-0502",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-20T03:55:21.518965Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:38.853Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0502"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-09-17T00:00:00+00:00",
            "value": "CVE-2014-0502 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK \u0026 Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-18T20:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:0278",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html"
        },
        {
          "name": "GLSA-201405-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"
        },
        {
          "name": "RHSA-2014:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"
        },
        {
          "name": "SUSE-SU-2014:0290",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2014:0277",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2014-0502",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK \u0026 Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:0278",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"
            },
            {
              "name": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html",
              "refsource": "MISC",
              "url": "https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html"
            },
            {
              "name": "GLSA-201405-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
            },
            {
              "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html",
              "refsource": "CONFIRM",
              "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"
            },
            {
              "name": "RHSA-2014:0196",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"
            },
            {
              "name": "SUSE-SU-2014:0290",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2014:0277",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"
            },
            {
              "name": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/",
              "refsource": "MISC",
              "url": "http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2014-0502",
    "datePublished": "2014-02-21T02:00:00.000Z",
    "dateReserved": "2013-12-20T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:38.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0611 (GCVE-0-2011-0611)

Vulnerability from cvelistv5

Published

2011-04-13 14:00

Modified

2025-10-22 00:05

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

n/a

Summary

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

References

URL

Tags

	http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175	vdb-entry, signature, x_refsource_OVAL
	http://www.securityfocus.com/bid/47314	vdb-entry, x_refsource_BID
	http://secunia.com/blog/210/	x_refsource_MISC
	http://securityreason.com/securityalert/8204	third-party-advisory, x_refsource_SREASON
	http://www.vupen.com/english/advisories/2011/0922	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2011-0451.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://www.adobe.com/support/security/bulletins/apsb11-07.html	x_refsource_CONFIRM
	http://securityreason.com/securityalert/8292	third-party-advisory, x_refsource_SREASON
	http://secunia.com/advisories/44149	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/44141	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/66681	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2011/0924	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1025325	vdb-entry, x_refsource_SECTRACK
	http://www.exploit-db.com/exploits/17175	exploit, x_refsource_EXPLOIT-DB
	http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx	x_refsource_MISC
	http://secunia.com/advisories/44119	third-party-advisory, x_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/230057	third-party-advisory, x_refsource_CERT-VN
	http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2011/0923	vdb-entry, x_refsource_VUPEN
	http://www.adobe.com/support/security/advisories/apsa11-02.html	x_refsource_CONFIRM
	http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html	x_refsource_CONFIRM
	http://www.adobe.com/support/security/bulletins/apsb11-08.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1025324	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flash_player",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.2.154.27",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "air",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "2.6.19140",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "reader",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "9.4.4",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:reader:10.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "reader",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.0.3",
                "status": "affected",
                "version": "10.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "acrobat",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "10.0.3",
                "status": "affected",
                "version": "10.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "acrobat",
            "vendor": "adobe",
            "versions": [
              {
                "lessThan": "9.4.4",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2011-0611",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-02T14:05:34.031031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:49.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00+00:00",
            "value": "CVE-2011-0611 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:26.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14175",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
          },
          {
            "name": "47314",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47314"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/blog/210/"
          },
          {
            "name": "8204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8204"
          },
          {
            "name": "ADV-2011-0922",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0922"
          },
          {
            "name": "RHSA-2011:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
          },
          {
            "name": "SUSE-SA:2011:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
          },
          {
            "name": "8292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8292"
          },
          {
            "name": "44149",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44149"
          },
          {
            "name": "44141",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44141"
          },
          {
            "name": "adobe-flash-swf-doc-ce(66681)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
          },
          {
            "name": "ADV-2011-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0924"
          },
          {
            "name": "1025325",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025325"
          },
          {
            "name": "17175",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17175"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
          },
          {
            "name": "44119",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44119"
          },
          {
            "name": "VU#230057",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/230057"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
          },
          {
            "name": "ADV-2011-0923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0923"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
          },
          {
            "name": "1025324",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025324"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14175",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
        },
        {
          "name": "47314",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47314"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/blog/210/"
        },
        {
          "name": "8204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8204"
        },
        {
          "name": "ADV-2011-0922",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0922"
        },
        {
          "name": "RHSA-2011:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
        },
        {
          "name": "SUSE-SA:2011:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
        },
        {
          "name": "8292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8292"
        },
        {
          "name": "44149",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44149"
        },
        {
          "name": "44141",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44141"
        },
        {
          "name": "adobe-flash-swf-doc-ce(66681)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
        },
        {
          "name": "ADV-2011-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0924"
        },
        {
          "name": "1025325",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025325"
        },
        {
          "name": "17175",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17175"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
        },
        {
          "name": "44119",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44119"
        },
        {
          "name": "VU#230057",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/230057"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
        },
        {
          "name": "ADV-2011-0923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0923"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
        },
        {
          "name": "1025324",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025324"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2011-0611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html",
              "refsource": "MISC",
              "url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14175",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
            },
            {
              "name": "47314",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47314"
            },
            {
              "name": "http://secunia.com/blog/210/",
              "refsource": "MISC",
              "url": "http://secunia.com/blog/210/"
            },
            {
              "name": "8204",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8204"
            },
            {
              "name": "ADV-2011-0922",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0922"
            },
            {
              "name": "RHSA-2011:0451",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
            },
            {
              "name": "SUSE-SA:2011:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-07.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
            },
            {
              "name": "8292",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8292"
            },
            {
              "name": "44149",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44149"
            },
            {
              "name": "44141",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44141"
            },
            {
              "name": "adobe-flash-swf-doc-ce(66681)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
            },
            {
              "name": "ADV-2011-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0924"
            },
            {
              "name": "1025325",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025325"
            },
            {
              "name": "17175",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17175"
            },
            {
              "name": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
            },
            {
              "name": "44119",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44119"
            },
            {
              "name": "VU#230057",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/230057"
            },
            {
              "name": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html",
              "refsource": "MISC",
              "url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
            },
            {
              "name": "ADV-2011-0923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0923"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa11-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb11-08.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
            },
            {
              "name": "1025324",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025324"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2011-0611",
    "datePublished": "2011-04-13T14:00:00.000Z",
    "dateReserved": "2011-01-20T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:49.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Refine your search

4 vulnerabilities found for adobe_air by adobe

CVE-2014-0502 (GCVE-0-2014-0502)

Vulnerability from nvd

CVE-2011-0611 (GCVE-0-2011-0611)

Vulnerability from nvd

CVE-2014-0502 (GCVE-0-2014-0502)

Vulnerability from cvelistv5

CVE-2011-0611 (GCVE-0-2011-0611)

Vulnerability from cvelistv5