cbcvebase.
CVE-2011-0627
published 2011-05-13

CVE-2011-0627: Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary…

PriorityP270high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
5.07%
91.3th percentile
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.

Affected

84 ranges· showing 25
VendorProductVersion rangeFixed in
adobeflash_player<= 10.2.159.1
adobeflash_player<= 10.2.157.51
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player

Detection & IOCsextracted from sources · hover to see the quote

other.swf embedded in .doc (Microsoft Word)
other.swf embedded in .xls (Microsoft Excel)
  • Look for email attachments containing .doc or .xls files with embedded .swf content — the known delivery vector for CVE-2011-0627 exploitation.
  • Exploitation is Windows-platform specific; triage should prioritise Windows hosts receiving Office documents with embedded Flash objects via email.
  • Flash Player versions 10.2.159.1 and earlier (Windows/Mac/Linux/Solaris) and before 10.3.185.21 (Android) are vulnerable; inventory and flag any hosts running these versions.
  • Exploitation results in memory corruption leading to arbitrary code execution or crash; monitor for Flash Player process crashes or unexpected child process spawning from Office applications.
  • ·Adobe had not confirmed a fully successful exploit sample at time of advisory; in-the-wild exploitation was reported but unverified by Adobe.
  • ·IE and non-IE browsers on Windows require separate Flash updates (ActiveX vs. NPAPI/PPAPI plugins); detection coverage must account for both plugin types on the same host.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.