Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
Conclusion & alert: CVE-2011-0609 is rated Critical Active Threat (91/100): CVSS High severity, with high exploitation likelihood (EPSS 92.08%, 100th percentile). Core evidence: CISA KEV confirms active exploitation (added 2022-06-08) affecting Adobe / Flash Player. Unauthenticated remote administrative access may be possible. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
: Adobe Flash Player Unspecified Vulnerability · CISA KEV detail
: 2022-06-08
: 2022-06-22
: The impacted product is end-of-life and should be disconnected if still in use.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| 17027 | exploit_db | edb | 2011-03-23 | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-04-07 | 92.19% | 92.08% | -0.11% |
| 2 | 2026-04-02 | 92.01% | 92.19% | +0.18% |
| 3 | 2026-02-23 | — | 92.01% | — |
Full EPSS history (28 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | [email protected] |
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| 9.3 | 2.0 | HIGH |
|
8.6 | 10.0 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
gentoo
|
normal | CVE-2011-0609: 1 GLSA(s) (201110-11), 1 atom(s) (www-plugins/adobe-flash); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2011-0609 |
redhat
|
critical | — | https://access.redhat.com/security/cve/CVE-2011-0609 |
ubuntu
|
medium | CVE-2011-0609 medium priority: Ubuntu including 3 source packages (acroread, adobe-flashplugin, flashplugin-nonfree), 18 status rows across 6 suites (dapper, hardy, karmic, lucid, maverick, upstream): released 10, not-affected 5, ignored 2, DNE 1. | https://ubuntu.com/security/CVE-2011-0609 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| adobe | flash_player | <= 10.2.154.13 | cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* |
| adobe | flash_player | <= 10.1.106.16 | cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* |
| adobe | acrobat | >= 9.0, <= 9.4.2 | cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* |
| adobe | acrobat | 10.0 | cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:* |
| adobe | acrobat | 10.0.1 | cpe:2.3:a:adobe:acrobat:10.0.1:*:*:*:*:*:*:* |
| adobe | acrobat_reader | >= 9.0, <= 9.4.2 | cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* |
| adobe | acrobat_reader | 10.0 | cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:* |
| adobe | acrobat_reader | 10.0.1 | cpe:2.3:a:adobe:acrobat_reader:10.0.1:*:*:*:*:*:*:* |
| adobe | air | <= 2.5.1 | cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* |
| opensuse | opensuse | 11.2 | cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* |
| opensuse | opensuse | 11.3 | cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* |
| opensuse | opensuse | 11.4 | cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* |
| suse | linux_enterprise | 10.0 | cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:* |
| suse | linux_enterprise | 11.0 | cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:* |
| chrome | < 10.0.648.134 | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |