CVE-2011-0611
published 2011-04-13CVE-2011-0611: Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and…
PriorityP189high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-03-24
Exploited in the wild
EPSS
99.41%
99.9th percentile
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | >= 10.0 < 10.0.3 | 10.0.3 |
| adobe | acrobat | >= 9.0 < 9.4 | 9.4 |
| adobe | acrobat_reader | >= 10.0 < 10.0.3 | 10.0.3 |
| adobe | acrobat_reader | 10.0 – 10.0.1 | — |
| adobe | acrobat_reader | >= 9.0 < 9.4.4 | 9.4.4 |
| adobe | adobe_air | < 2.6.19140 | 2.6.19140 |
| adobe | flash_player | < 10.2.154.27 | 10.2.154.27 |
| adobe | flash_player | <= 10.2.156.12 | — |
| chrome | < 10.0.648.205 | 10.0.648.205 | |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_desktop | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 3"; flow:established,to_server; content:"/fdp1.php?f="; http_uri; reference:md5,8a33d1d36d097ca13136832aa10ae5ca; reference:cve,CVE-2011-0611; classtype:trojan-activity; sid:2014052; rev:2;)
snort↗
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS DRIVEBY Blackhole PDF Exploit Request /fdp2.php"; flow:established,to_server; content:"/fdp2.php?f="; http_uri; reference:md5,8a33d1d36d097ca13136832aa10ae5ca; reference:cve,CVE-2011-0611; classtype:trojan-activity; sid:2014035; rev:2;)
- →The exploit is delivered via a crafted .swf embedded in a PDF or Office document; the Flash crash is triggered by an invalid object type use at Flash10o+0xd01f6 (call dword ptr [eax+8] where eax=11111110), indicating heap spray with 0x0c0c0c0c nop sled pattern. ↗
- →CVE-2011-0611 was exploited via both .swf standalone and PDF-embedded vectors; hosts running both Adobe Flash Player and Adobe Reader may be vulnerable through separate update channels, so both products must be checked for patching. ↗
- →The Metasploit module targets IE 6/7 on Windows XP SP3 and Windows Vista; User-Agent filtering in the exploit checks for 'MSIE \d\.\d' — defenders can correlate IDS alerts with these UA strings in proxy/web logs. ↗
- ·The Metasploit module's exploit SWF is loaded from a static file path on disk (data/exploits/CVE-2011-0611.swf); the HTML and JS variable names are randomized per request, limiting static string-based detection of the JS wrapper. ↗
- ·The Elirks backdoor retrieves its C2 address dynamically from attacker-controlled microblog/SNS accounts rather than hardcoded IPs, making static C2 IOCs short-lived. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck8.8HIGH
cisa8.8HIGH
vendor_redhat8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Adobe Flash Player Remote Code Execution Vulnerability
cisa·2022-03-03·CVSS 8.8
CVE-2011-0611 [HIGH] CWE-843 Adobe Flash Player Remote Code Execution Vulnerability
Vulnerability: Adobe Flash Player Remote Code Execution Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2011-0611
Remediation Due Date: 2022-03-24
Red Hat
flash-plugin: crash and potential arbitrary code execution (APSB11-07)
vendor_redhat·2011-04-11·CVSS 8.8
CVE-2011-0611 [HIGH] flash-plugin: crash and potential arbitrary code execution (APSB11-07)
flash-plugin: crash and potential arbitrary code execution (APSB11-07)
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom func
GHSA
GHSA-xhq8-8cqj-q337: Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14
CVE-2011-0611 [HIGH] CWE-119 GHSA-xhq8-8cqj-q337: Adobe Flash Player before 10
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in A
VulnCheck
Adobe Flash Player Remote Code Execution Vulnerability
vulncheck·2011·CVSS 8.8
CVE-2011-0611 [HIGH] CWE-843 Adobe Flash Player Remote Code Execution Vulnerability
Adobe Flash Player Remote Code Execution Vulnerability
Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
Affected: Adobe Flash Player
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2011-0611; https://documents.trendmicro.com/assets/wp/wp_luckycat_redux.pdf; https://web.archive.org/web/20120907091804/http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf; https://www.kaspersky.com/resource-center/threats/crouching-yeti-energetic-bear-malware-threat; https://www.trendmicro.de/cloud-content/us/pdfs/se
No detection rules found.
Exploit-DB
Adobe Reader X 10.0.0 < 10.0.1 - Atom Type Confusion
exploitdb·2011-07-03·CVSS 8.8
CVE-2011-0611 [HIGH] Adobe Reader X 10.0.0 < 10.0.1 - Atom Type Confusion
Adobe Reader X 10.0.0 gmail )
# Version: Adobe Reader X
#It work reliably on IE9/FF4 and other browsers.
#
# The Arashi : http://abysssec.com/files/The_Arashi.pdf
http://www.exploit-db.com/docs/17469.pdf
# me : twitter.com/ponez
# also check here for The Persian docs of this methods and more :
http://www.0days.ir/article/
Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17473.pdf (cve-2011-0611_exploit.pdf)
Exploit-DB
Adobe Flash Player 10.2.153.1 - SWF Memory Corruption (Metasploit)
exploitdb·2011-04-16
CVE-2011-0611 Adobe Flash Player 10.2.153.1 - SWF Memory Corruption (Metasploit)
Adobe Flash Player 10.2.153.1 - SWF Memory Corruption (Metasploit)
---
##
# $Id: adobe_flashplayer_flash10o.rb 12330 2011-04-16 02:09:33Z sinn3r $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability",
'Description' => %q{
This module exploits a vulnerability in Adobe Flash Player that was discovered, and
has been exploited actively in the wild. By embedding a specially crafted .swf file,
Adobe Flash crashes due to an invalid use of an object type, which allows attackers to
overwr
Metasploit
Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability
metasploit
Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability
Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability
This module exploits a vulnerability in Adobe Flash Player that was discovered, and has been exploited actively in the wild. By embedding a specially crafted .swf file, Adobe Flash crashes due to an invalid use of an object type, which allows attackers to overwrite a pointer in memory, and results arbitrary code execution. Please note for IE 8 targets, Java Runtime Environment must be available on the victim machine in order to work properly.
Securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
blogs_securelist·2017-11-16
Investigation Report for the September 2014 Equation malware detection incident in the US
Authors
- Kaspersky
## Background
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others that followed it:
1. Was our software used outside of its intended functionality to pull classified information from a person’s c
Securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
blogs_securelist·2017-11-16
Investigation Report for the September 2014 Equation malware detection incident in the US
Authors
Kaspersky
## Background
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others that followed it:
Was our software used outside of its intended functionality to pull classified information from a person’s comput
Unit42
Tracking Elirks Variants in Japan: Similarities to Previous Attacks
blogs_unit42·2016-06-23
Tracking Elirks Variants in Japan: Similarities to Previous Attacks
A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation. PlugX has been used in a number of attacks since first being discovered in 2012, and we have published several articles related to its use, including an analysis of an attack campaign targeting Japanese companies.
Elirks, less widely known than PlugX, is a basic backdoor Trojan, first discovered in 2010, that is primarily used to steal information from compromised systems. We mostly observe attacks using Elirks occurring in East Asia. One of the unique features of the malware is that it retrieves its C2 address by accessing a pre-determined microblog service or SNS. Attackers create accounts on those services and post encoded IP addresses or th
Unit42
Tracking Elirks Variants in Japan: Similarities to Previous Attacks
blogs_unit42·2016-06-23
Tracking Elirks Variants in Japan: Similarities to Previous Attacks
Threat Research Center
Threat Research
Malware
## Tracking Elirks Variants in Japan: Similarities to Previous Attacks
Kaoru Hayashi
Published: June 23, 2016
Malware
Threat Research
APAC
Elirks
Japan
PlugX
Scarlet Mimic
A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation. PlugX has been used in a number of attacks since first being discovered in 2012, and we have published several articles related to its use, including an analysis of an attack campaign targeting Japanese companies .
Elirks, less widely known than PlugX, is a basic backdoor Trojan, first discovered in 2010, that is primarily used to steal information from compromised systems. We mostly observe attacks using Elirks oc
Qualys
US-CERT: Top 30 Vulnerabilities | Qualys
blogs_qualys·2015-05-01·CVSS 2.6
[LOW] US-CERT: Top 30 Vulnerabilities | Qualys
On April 29, 2015 US-CERT published TA15-119A which describes the Top 30 vulnerabilities that critical infrastructure organizations should focus on because they are under attack all the time. The list contains Windows, Internet Explorer, Adobe Software from Reader, Flash to Cold Fusion, Java from Oracle and others and is quite similar to the more generic set of software packages published by the German BSI last December.
Here is a list of the vulnerabilities in the advisory. I have reordered and optimized where possible for efficient scanning with Qualys, for example listing the most recent patch first to take advantage of superseding patches:
- Windows: MS14-060 for CVE-2014-4114, Qualys ID: 90979
- Internet Explorer: MS14-021 for CVE-2014-1776, Qualys ID: 100191
- MS14-012 for CVE-201
Schneier
Research on Patch Deployment - Schneier on Security
blogs_schneier·2015-05-01·CVSS 8.8
[HIGH] Research on Patch Deployment - Schneier on Security
## Research on Patch Deployment
New research indicates that it’s very hard to completely patch systems against vulnerabilities:
It turns out that it may not be that easy to patch vulnerabilities completely. Using WINE , we analyzed the patch deployment process for 1,593 vulnerabilities from 10 Windows client applications, on 8.4 million hosts worldwide [Oakland 2015] . We found that a host may be affected by multiple instances of the same vulnerability, because the vulnerable program is installed in several directories or because the vulnerability is in a shared library distributed with several applications. For example, CVE-2011-0611 affected both the Adobe Flash Player and Adobe Reader (Reader includes a library for playing .swf objects embedded in a PDF). Because updates for the two p
Qualys
US-CERT: Top 30 Vulnerabilities | Qualys
blogs_qualys·2015-05-01·CVSS 2.6
[LOW] US-CERT: Top 30 Vulnerabilities | Qualys
On April 29, 2015 US-CERT published TA15-119A which describes the Top 30 vulnerabilities that critical infrastructure organizations should focus on because they are under attack all the time. The list contains Windows, Internet Explorer, Adobe Software from Reader, Flash to Cold Fusion, Java from Oracle and others and is quite similar to the more generic set of software packages published by the German BSI last December.
Here is a list of the vulnerabilities in the advisory. I have reordered and optimized where possible for efficient scanning with Qualys, for example listing the most recent patch first to take advantage of superseding patches:
Windows: MS14-060 for CVE-2014-4114, Qualys ID: 90979
MS14-012 for CVE-2014-0322
MS13-038 for CVE-2013-1347
MS13-008 for CVE-2012-4792
MS10-01
Zscaler
PDF Exploits Targeted Through Blackhole Exploit Kits. | Zscaler
blogs_zscaler·2012-04-09
PDF Exploits Targeted Through Blackhole Exploit Kits. | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Zscaler
Adobe Flash “SWF” Exploit Still In The Wild | Zscaler Blog
blogs_zscaler·2011-11-10·CVSS 8.8
[HIGH] Adobe Flash “SWF” Exploit Still In The Wild | Zscaler Blog
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Threat Intel
Dragonfly (Dragonfly, TEMP.Isotope, DYMALLOY)
threat_intel
Dragonfly (Dragonfly, TEMP.Isotope, DYMALLOY)
# Threat Actor Profile: Dragonfly
ATT&CK ID: G0035
Also known as: Dragonfly, TEMP.Isotope, DYMALLOY, Berserk Bear, TG-4192, Crouching Yeti, IRON LIBERTY, Energetic Bear, Ghost Blizzard, BROMINE
Suspected origin: Russia
## Overview
Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022) Active since at least 2010, Dragonfly has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 201
Threat Intel
APT12 (APT12, IXESHE, DynCalc)
threat_intel·CVSS 8.8
[HIGH] APT12 (APT12, IXESHE, DynCalc)
# Threat Actor Profile: APT12
ATT&CK ID: G0005
Also known as: APT12, IXESHE, DynCalc, Numbered Panda, DNSCALC
Suspected origin: China
## Overview
APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments.(Citation: Meyers Numbered Panda)
## Techniques (TTPs)
### Initial Access
- T1566.001 Spearphishing Attachment
Usage: APT12 has sent emails with malicious Microsoft Office documents and PDFs attached.(Citation: Moran 2014)(Citation: Trend Micro IXESHE 2012)
### Execution
- T1204.002 Malicious File
Usage: APT12 has attempted to get victims to open malicious Microsoft Word and PDF attachment sent via spearphishing.(Citation: Moran 2014)(Citation: Trend Mi
arXiv
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures
arxiv_fulltext·2025-02-12
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures
Almuthanna Alageel
and
Sergio Maffeis
Department of Computing
Imperial College London
London, United Kingdom
plain
plain
## Abstract
The scarcity of data and the high complexity of Advanced Persistent Threats (APTs) attacks have created challenges in comprehending their behavior and hindered the exploration of effective detection techniques.
To create an effective APT detection strategy, it is important to examine the Tactics, Techniques, and Procedures (TTPs) that have been reported by the industry. These TTPs can be difficult to classify as either malicious or legitimate. When developing an approach for the next generation of network intrusion detection systems (NIDS), it is necessary to
Bugzilla
CVE-2011-0611 flash-plugin: crash and potential arbitrary code execution (APSB11-07)
bugzilla·2011-04-11·CVSS 8.8
CVE-2011-0611 [HIGH] CVE-2011-0611 flash-plugin: crash and potential arbitrary code execution (APSB11-07)
CVE-2011-0611 flash-plugin: crash and potential arbitrary code execution (APSB11-07)
Adobe has released APSA11-02 [1] to warn of a new critical vulnerability in
Adobe Flash Player 10.x. The vulnerability is described as:
This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.
This flaw does not affect Adobe Rea
http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspxhttp://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.htmlhttp://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.htmlhttp://googlechromereleases.blogspot.com/2011/04/stable-channel-update.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.htmlhttp://secunia.com/advisories/44119http://secunia.com/advisories/44141http://secunia.com/advisories/44149http://secunia.com/blog/210/http://securityreason.com/securityalert/8204http://securityreason.com/securityalert/8292http://www.adobe.com/support/security/advisories/apsa11-02.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-07.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-08.htmlhttp://www.exploit-db.com/exploits/17175http://www.kb.cert.org/vuls/id/230057http://www.redhat.com/support/errata/RHSA-2011-0451.htmlhttp://www.securityfocus.com/bid/47314http://www.securitytracker.com/id?1025324http://www.securitytracker.com/id?1025325http://www.vupen.com/english/advisories/2011/0922http://www.vupen.com/english/advisories/2011/0923http://www.vupen.com/english/advisories/2011/0924https://exchange.xforce.ibmcloud.com/vulnerabilities/66681https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspxhttp://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.htmlhttp://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.htmlhttp://googlechromereleases.blogspot.com/2011/04/stable-channel-update.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.htmlhttp://secunia.com/advisories/44119http://secunia.com/advisories/44141http://secunia.com/advisories/44149http://secunia.com/blog/210/http://securityreason.com/securityalert/8204http://securityreason.com/securityalert/8292http://www.adobe.com/support/security/advisories/apsa11-02.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-07.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-08.htmlhttp://www.exploit-db.com/exploits/17175http://www.kb.cert.org/vuls/id/230057http://www.redhat.com/support/errata/RHSA-2011-0451.htmlhttp://www.securityfocus.com/bid/47314http://www.securitytracker.com/id?1025324http://www.securitytracker.com/id?1025325http://www.vupen.com/english/advisories/2011/0922http://www.vupen.com/english/advisories/2011/0923http://www.vupen.com/english/advisories/2011/0924https://exchange.xforce.ibmcloud.com/vulnerabilities/66681https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611
2011-04-13
Published
2022-03-03
Added to CISA KEV
Exploited in the wild