CVE-2011-0611 (CNNVD-201104-087)
中文标题:
Adobe Flash Player对象处理远程代码执行漏洞
英文标题:
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and e...
漏洞描述
中文描述:
Adobe Flash Player是一款非常流行的FLASH播放器。 Adobe Flash Player在对象类型的处理上存在远程代码执行漏洞,由于某个对象方法在被引用时没有正确识别对象的类型,导致远程攻击者可以利用此漏洞通过诱使用户访问包含恶意SWF文件的网页在用户系统上执行任意指令,从而完全控制受影响的系统。此漏洞可被用于执行挂马攻击,影响面和威胁程度都很高,需要引起用户高度重视。
英文描述:
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| adobe | flash_player | - | - | - |
cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*
|
| adobe | air | - | - | - |
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
|
| adobe | reader | 9.0 | - | - |
cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*
|
| adobe | reader | 10.0 | - | - |
cpe:2.3:a:adobe:reader:10.0:*:*:*:*:*:*:*
|
| adobe | acrobat | 10.0 | - | - |
cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
|
| adobe | acrobat | 9.0 | - | - |
cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
|
| adobe | flash_player | * | - | - |
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
|
| adobe | acrobat_reader | * | - | - |
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
|
| adobe | adobe_air | * | - | - |
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
|
| adobe | acrobat | * | - | - |
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
|
| chrome | * | - | - |
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
|
|
| opensuse | opensuse | 11.2 | - | - |
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
|
| opensuse | opensuse | 11.3 | - | - |
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
|
| opensuse | opensuse | 11.4 | - | - |
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
|
| suse | linux_enterprise_desktop | 10 | - | - |
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
|
| suse | linux_enterprise_desktop | 11 | - | - |
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
nvd.nist.gov
exploitdb
exploitdb
cve.org
exploitdb
exploitdb
CVSS评分详情
3.1 (adp)
HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2011-0611 |
2025-11-11 15:18:20 | 2025-11-11 07:33:13 |
| NVD | nvd_CVE-2011-0611 |
2025-11-11 14:53:42 | 2025-11-11 07:42:02 |
| CNNVD | cnnvd_CNNVD-201104-087 |
2025-11-11 15:09:12 | 2025-11-11 07:49:50 |
| EXPLOITDB | exploitdb_EDB-17175 |
2025-11-11 15:05:54 | 2025-11-11 08:11:49 |
| EXPLOITDB | exploitdb_EDB-17473 |
2025-11-11 15:05:52 | 2025-11-11 08:12:25 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 29 -> 31
- tags_count: 4 -> 6
查看详细变更
- references_count: 26 -> 29
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201104-087
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 6 -> 16
- references_count: 25 -> 26
- data_sources: ['cve'] -> ['cve', 'nvd']