VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 10, 2011· Updated Apr 29, 2026

CVE-2011-2415

CVE-2011-2415

Description

Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in Adobe Flash Player and AIR allows arbitrary code execution via unspecified vectors.

Vulnerability

A buffer overflow vulnerability exists in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.3 on Android, as well as in Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android [2]. The flaw is triggered via unspecified vectors, meaning the exact input or condition that causes the overflow is not publicly detailed. The affected versions are those prior to the security updates released in August 2011.

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a specially crafted Flash (.swf) or AIR (.air) file, or by hosting malicious content on a website that the user visits with a vulnerable Flash Player or AIR runtime [2]. No authentication or special network position is required; the attack relies on user interaction. The unspecified vectors suggest that the overflow can be triggered through standard Flash content delivery mechanisms.

Impact

Successful exploitation allows an attacker to execute arbitrary code on the affected system with the privileges of the user running the Flash Player or AIR application [2]. This can lead to full compromise of the user's data, installation of malware, or further system control. The vulnerability is rated as critical due to the potential for remote code execution.

Mitigation

Adobe released security updates as part of APSB11-21, fixing the vulnerability in Flash Player 10.3.183.5 and later, and AIR 2.7.1 and later [2]. Red Hat issued RHSA-2011:1144 to address the issue for affected Linux distributions [1]. Users should apply the latest updates from Adobe or their operating system vendor. No workarounds are documented; updating is the only mitigation.

References
  1. Support
  2. Adobe Updates for Multiple Vulnerabilities | CISA

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

103
  • Adobe Inc./Air10 versions
    cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=2.7
    • cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.6:*:*:*:*:*:*:*
  • Adobe Inc./Flashplayer91 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 90 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=10.3.181.36
    • cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.157.51:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.159.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.14:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.21:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
  • Adobe Inc./Adobe AIRllm-fuzzy
    Range: <2.7.1 (Windows/Mac) and <2.7.1.1961 (Android)
  • Adobe Inc./Flash Playerllm-fuzzy
    Range: <10.3.183.5 (Windows/Mac/Linux/Solaris) and <10.3.186.3 (Android)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.