Skip to main content

Google CVE-2011-0611

HIGH
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2011-04-13 psirt@adobe.com
RCE Denial Of Service Google Memory Corruption Microsoft Adobe
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 21, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Mar 26, 2026 - 11:17 vuln.today
Added to CISA KEV
Oct 22, 2025 - 01:15 cisa
CISA KEV
PoC Detected
Oct 22, 2025 - 01:15 vuln.today
Public exploit code
Patch released
Oct 22, 2025 - 01:15 nvd
Patch available
CVE Published
Apr 13, 2011 - 14:55 nvd
HIGH 8.8

DescriptionNVD

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.

AnalysisAI

Adobe Flash Player contains a type confusion vulnerability in object handling that allows remote attackers to execute arbitrary code via malicious SWF content, actively exploited in targeted attacks in April 2011.

Technical ContextAI

The CWE-843 type confusion occurs when Flash Player's ActionScript Virtual Machine (AVM2) incorrectly handles certain object types, allowing an attacker to cause the interpreter to treat one object type as another, leading to arbitrary memory read/write and code execution.

RemediationAI

Flash Player is end-of-life. Remove all installations. Block Flash content at network perimeter. Modern browsers no longer support Flash natively.

More from same product – last 7 days

CVE-2026-40412 CRITICAL
10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil
CVE-2026-41104 CRITICAL
10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal
CVE-2026-23652 CRITICAL
10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-
CVE-2026-47280 CRITICAL
10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti
CVE-2026-42901 CRITICAL
10.0 May 22

Privilege escalation in Microsoft Entra ID enables remote unauthenticated attackers to bypass origin validation and gain

Share

CVE-2011-0611 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy