CVE DATABASE / CVE-2011-0609

CVE-2011-0609

Adobe Flash Player Unspecified Vulnerability

CVSS 7.8 · HIGH ⚠ CISA KEV — ACTIVELY EXPLOITED

On the CISA KEV catalog

Confirmed exploited in the wild. Added 2022-06-08. Federal remediation due 2022-06-22.
Required action: The impacted product is end-of-life and should be disconnected if still in use.

Summary

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

CVSS 3.1 breakdown

Base score	7.8 (HIGH)
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector	LOCAL
Attack complexity	LOW
Privileges required	NONE
User interaction	REQUIRED
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Affected products

Adobe flash playerApple mac os xLinux linux kernelMicrosoft windowsOracle solarisGoogle androidAdobe acrobatAdobe acrobat readerAdobe airOpensuse opensuseSuse linux enterpriseGoogle chromeApple macosGoogle chrome os

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.