VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 10, 2011· Updated Apr 29, 2026

CVE-2011-2138

CVE-2011-2138

Description

Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in Adobe Flash Player and AIR allows arbitrary code execution via unspecified vectors.

Vulnerability

An integer overflow vulnerability exists in Adobe Flash Player and Adobe AIR. Affected versions include Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.3 on Android; and Adobe AIR before 2.7.1 on Windows and Mac OS X, and before 2.7.1.1961 on Android [1][2]. The flaw is triggered via unspecified vectors, and is distinct from CVE-2011-2136 and CVE-2011-2416.

Exploitation

Exploitation requires an attacker to convince a user to open a specially crafted Flash file or visit a malicious website. The exact attack vector is not disclosed in the available references, but the integer overflow can be leveraged to corrupt memory and achieve code execution [2].

Impact

Successful exploitation allows an attacker to execute arbitrary code on the affected system with the privileges of the user running the Flash Player or AIR application. This can lead to full compromise of the system, including data theft, installation of malware, or denial of service [2].

Mitigation

Adobe released updates as part of APSB11-21 to address this vulnerability. Users should upgrade Flash Player to version 10.3.183.5 or later (desktop) or 10.3.186.3 (Android), and Adobe AIR to version 2.7.1 or later (desktop) or 2.7.1.1961 (Android) [1][2]. Red Hat also provided updated packages via RHSA-2011-1144 [1]. No workarounds are documented; updating is the recommended mitigation.

References
  1. Support
  2. Adobe Updates for Multiple Vulnerabilities | CISA

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

103
  • Adobe Inc./Air11 versions
    cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=2.7
    • cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.6:*:*:*:*:*:*:*
    • (no CPE)range: <2.7.1
  • Adobe Inc./Flashplayer91 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 90 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=10.3.181.36
    • cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.157.51:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.159.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.14:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.21:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
  • Adobe Inc./Flash Playerllm-fuzzy
    Range: <10.3.186.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.