CVE-2011-0609 (CNNVD-201103-206)
中文标题:
Adobe Flash Player/Reader/Acrobat SWF文件内存破坏漏洞
英文标题:
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux,...
漏洞描述
中文描述:
Adobe Flash Player是美国奥多比(Adobe)公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。Adobe Reader和Acrobat都是美国奥多比(Adobe)公司的产品。Adobe Reader是一款免费的PDF文件阅读器,Acrobat是一款PDF文件编辑和转换工具。 Adobe Flash Player,Reader和Acrobat中存在内存破坏漏洞。远程攻击者可借助特制Flash内容(作为电子邮件附件传送的Microsoft Excel中嵌入的SWF文件)执行任意代码或者导致拒绝服务(应用程序崩溃)。 该漏洞位于基于Windows,Mac OS X,Linux和Solaris的Adobe Flash Player 10.2.154.13及之前版本,基于Android 10.1.106.16及之前版本,Adobe AIR 2.5.1及之前版本,以及基于Windows,Mac OS X的Adobe Reader和Acrobat 9.x至9.4.2版本和10.x至10.0.1版本中的Authplay.dll(又称为AuthPlayLib.bundle)。
英文描述:
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| adobe | flash_player | * | - | - |
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
|
| adobe | acrobat | * | - | - |
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
|
| adobe | acrobat | 10.0 | - | - |
cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
|
| adobe | acrobat | 10.0.1 | - | - |
cpe:2.3:a:adobe:acrobat:10.0.1:*:*:*:*:*:*:*
|
| adobe | acrobat_reader | * | - | - |
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
|
| adobe | acrobat_reader | 10.0 | - | - |
cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
|
| adobe | acrobat_reader | 10.0.1 | - | - |
cpe:2.3:a:adobe:acrobat_reader:10.0.1:*:*:*:*:*:*:*
|
| adobe | air | * | - | - |
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
|
| opensuse | opensuse | 11.2 | - | - |
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
|
| opensuse | opensuse | 11.3 | - | - |
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
|
| opensuse | opensuse | 11.4 | - | - |
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
|
| suse | linux_enterprise | 10.0 | - | - |
cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*
|
| suse | linux_enterprise | 11.0 | - | - |
cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*
|
| chrome | * | - | - |
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
nvd.nist.gov
exploitdb
exploitdb
cve.org
CVSS评分详情
3.1 (adp)
HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2011-0609 |
2025-11-11 15:18:20 | 2025-11-11 07:33:13 |
| NVD | nvd_CVE-2011-0609 |
2025-11-11 14:53:42 | 2025-11-11 07:42:02 |
| CNNVD | cnnvd_CNNVD-201103-206 |
2025-11-11 15:09:12 | 2025-11-11 07:49:49 |
| EXPLOITDB | exploitdb_EDB-17027 |
2025-11-11 15:05:54 | 2025-11-11 08:11:30 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 23 -> 26
- tags_count: 0 -> 3
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201103-206
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 0 -> 14
- references_count: 22 -> 23
- data_sources: ['cve'] -> ['cve', 'nvd']