⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2011-2110Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents11 sources
Severity
10.0CRITICALNVD
EPSS
91.5%
top 0.33%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Adobe Flash Player
Timeline
PublishedJun 16
Latest updateFeb 12

Description

Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDadobe/flash_player10.3.181.23+88

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-3p7j-r8qq-j3mf: Adobe Flash Player before 102022-05-14
VulnCheck
Adobe Flash Player Improper Restriction of Operations within the Bounds of a Memory Buffer2011

💥Exploits & PoCs

2
Exploit-DB
Adobe Flash Player - AVM Verification Logic Array Indexing Code Execution (Metasploit)2012-06-20
Metasploit
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution

📋Vendor Advisories

1
Red Hat
flash-plugin: memory corruption can lead to arbitrary code execution (APSB11-18)2011-06-14

🕵️Threat Intelligence

3
Tenable
Tenable Network Security Podcast - Episode 872011-06-29
Zscaler
Patching Flash - CVE-2011-2110 Post-mortem | Zscaler2011-06-21
Zscaler
Oh Flash! CVE-2011-2110 0-Day | Zscaler2011-06-17

📄Research Papers

1
arXiv
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures2025-02-12

💬Community

1
Bugzilla
CVE-2011-2110 flash-plugin: memory corruption can lead to arbitrary code execution (APSB11-18)2011-06-14