CVE-2011-0627
published 2011-05-13CVE-2011-0627: Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary…
PriorityP270high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
5.07%
91.3th percentile
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
Affected
84 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | <= 10.2.159.1 | — |
| adobe | flash_player | <= 10.2.157.51 | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for email attachments containing .doc or .xls files with embedded .swf content — the known delivery vector for CVE-2011-0627 exploitation. ↗
- →Exploitation is Windows-platform specific; triage should prioritise Windows hosts receiving Office documents with embedded Flash objects via email. ↗
- →Flash Player versions 10.2.159.1 and earlier (Windows/Mac/Linux/Solaris) and before 10.3.185.21 (Android) are vulnerable; inventory and flag any hosts running these versions. ↗
- →Exploitation results in memory corruption leading to arbitrary code execution or crash; monitor for Flash Player process crashes or unexpected child process spawning from Office applications. ↗
- ·Adobe had not confirmed a fully successful exploit sample at time of advisory; in-the-wild exploitation was reported but unverified by Adobe. ↗
- ·IE and non-IE browsers on Windows require separate Flash updates (ActiveX vs. NPAPI/PPAPI plugins); detection coverage must account for both plugin types on the same host. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
flash-plugin: crash and potential arbitrary code execution (APSB11-12)
vendor_redhat·2011-05-12·CVSS 9.3
CVE-2011-0627 [CRITICAL] flash-plugin: crash and potential arbitrary code execution (APSB11-12)
flash-plugin: crash and potential arbitrary code execution (APSB11-12)
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
GHSA
GHSA-585f-rvf9-f227: Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14
CVE-2011-0627 [HIGH] CWE-20 GHSA-585f-rvf9-f227: Adobe Flash Player before 10
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
VulnCheck
Adobe Flash Player Improper Input Validation
vulncheck·2011·CVSS 9.3
CVE-2011-0627 [CRITICAL] Adobe Flash Player Improper Input Validation
Adobe Flash Player Improper Input Validation
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
Affected: Adobe Flash Player
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://web.archive.org/web/20110605133404/http://www.adobe.com/support/security/bulletins/apsb11-12.html; https://www.cve.org/CVERecord?id=CVE-2011-0627
No detection rules found.
No public exploits indexed.
Krebs
Critical Flash Player Update Plugs 11 Holes
blogs_krebs·2011-05-13·CVSS 9.3
CVE-2011-0627 [CRITICAL] Critical Flash Player Update Plugs 11 Holes
Adobe has released another batch of security updates for its ubiquitous Flash Player software. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks.
In the advisory that accompanies this update, Adobe said “there are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.”
The vulnerabilities exist in Flash versions 10.2.159.1 and earlier for Windows, Mac, Linux and Solaris. To learn which version of Flash you have, visit thi
Krebs
Critical Flash Player Update Plugs 11 Holes – Krebs on Security
blogs_krebs·2011-05-01·CVSS 9.3
CVE-2011-0627 [CRITICAL] Critical Flash Player Update Plugs 11 Holes – Krebs on Security
Adobe has released another batch of security updates for its ubiquitous Flash Player software. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks.
In the advisory that accompanies this update, Adobe said “there are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.”
The vulnerabilities exist in Flash versions 10.2.159.1 and earlier for Windows, Mac , Linux and Solaris . To learn which version of Flash you have, visit t
Bugzilla
CVE-2011-0579 CVE-2011-0618 CVE-2011-0619 CVE-2011-0620 CVE-2011-0621 CVE-2011-0622 CVE-2011-0623 CVE-2011-0624 CVE-2011-0625 CVE-2011-0626 CVE-2011-0627 CVE-2011-0628 flash-plugin: crash and potentia
bugzilla·2011-05-12·CVSS 5.0
CVE-2011-0579 [MEDIUM] CVE-2011-0579 CVE-2011-0618 CVE-2011-0619 CVE-2011-0620 CVE-2011-0621 CVE-2011-0622 CVE-2011-0623 CVE-2011-0624 CVE-2011-0625 CVE-2011-0626 CVE-2011-0627 CVE-2011-0628 flash-plugin: crash and potentia
CVE-2011-0579 CVE-2011-0618 CVE-2011-0619 CVE-2011-0620 CVE-2011-0621 CVE-2011-0622 CVE-2011-0623 CVE-2011-0624 CVE-2011-0625 CVE-2011-0626 CVE-2011-0627 CVE-2011-0628 flash-plugin: crash and potential arbitrary code execution (APSB11-12)
Adobe has released APSB11-12 [1] along with Flash Player 10.3.181.14 to correct a number of critical flaws. The flaws are described as:
Critical vulnerabilities have been identified in Adobe Flash Player 10.2.159.1 and earlier versions (Adobe Flash Player 10.2.154.28 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.2.157.51 and earlier versions for Android. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. There are
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-12.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13914https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16053http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-12.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13914https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16053
2011-05-13
Published
Exploited in the wild