cbcvebase.
CVE-2011-2110
published 2011-06-16

CVE-2011-2110: Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute…

PriorityP277critical10CVSS 2.0
AVNACLAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
86.42%
99.7th percentile
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.

Affected

89 ranges· showing 25
VendorProductVersion rangeFixed in
adobeflash_player<= 10.3.181.23
adobeflash_player<= 10.3.185.23
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player
adobeflash_player

Detection & IOCsextracted from sources · hover to see the quote

pathdata/exploits/CVE-2011-2110.swf
filenameCVE-2011-2110.swf
  • The exploit delivers a malicious .swf file via HTTP with Content-Type application/x-shockwave-flash; detect HTTP responses serving .swf payloads with randomized filenames followed by a .txt shellcode fetch.
  • The exploit uses HTTP gzip compression and chunked transfer encoding; network sensors should inspect gzip-compressed SWF responses for CVE-2011-2110 indicators.
  • Post-exploitation, the Metasploit module automatically migrates the payload to a new process; monitor for unexpected process migration activity following Flash Player execution.
  • The vulnerability is triggered via ActionScript3 AVM2 verification logic failure when indexing an array with an arbitrary value; targets IE6, IE7, IE8, and Firefox 10.2 on Windows with ASLR/DEP bypass.
  • Exploitation was observed in targeted attacks via malicious Web pages; monitor web proxy logs for Flash Player versions 10.3.181.23 and earlier fetching .swf content from untrusted sources.
  • The exploit source ActionScript file is CVE-2011-2110.as; presence of this filename on disk or in build artifacts may indicate exploit development activity.
  • ·The exploit targets Adobe Flash Player versions 10.3.181.23 and earlier on Windows, Macintosh, Linux, and Solaris, and 10.3.185.23 and earlier on Android; the patched version is 10.3.181.26.
  • ·The Metasploit module's EXITFUNC is set to 'process', meaning the exploit terminates the hosting process on exit; this affects post-exploitation forensic artifacts.

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck10.0CRITICAL
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.