CVE-2011-0609

Publication date 15 March 2011

Last updated 25 August 2025


Ubuntu priority

Cvss 3 Severity Score

7.8 · High

Score breakdown

Description

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

Read the notes from the security team

Status

Package Ubuntu Release Status
acroread 10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Not affected
8.04 LTS hardy
Not affected
6.06 LTS dapper Ignored
adobe-flashplugin 10.10 maverick
Fixed 10.2.153.1-0maverick1
10.04 LTS lucid
Fixed 10.2.153.1-0lucid1
9.10 karmic
Fixed 10.2.153.1-0karmic1
8.04 LTS hardy
Fixed 10.2.153.1-0hardy1
6.06 LTS dapper Not in release
flashplugin-nonfree 10.10 maverick
Fixed 10.2.153.1ubuntu0.10.10.1
10.04 LTS lucid
Fixed 10.2.153.1ubuntu0.10.04.1
9.10 karmic
Fixed 10.2.153.1ubuntu0.9.10.1
8.04 LTS hardy
Fixed 10.2.153.1ubuntu0.8.04.2
6.06 LTS dapper Ignored end of life

Notes


mdeslaur

Upstream description: "memory corruption vulnerability that could lead to code execution" upstream says acroread 9.x on UNIX isn't affected

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.8 · High

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Access our resources on patching vulnerabilities