VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 15, 2011· Updated Apr 29, 2026

CVE-2011-2424

CVE-2011-2424

Description

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player and AIR before specific versions allow remote code execution via crafted SWF file, with about 400 unique crash signatures.

Vulnerability

CVE-2011-2424 is a memory corruption vulnerability in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.3 on Android, as well as Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android [3]. The vulnerability is triggered by a crafted SWF file, as demonstrated by fuzzing techniques that generated approximately 400 unique crash signatures [1].

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a malicious SWF file, which may be delivered via a web page, email attachment, or other means. No authentication is required, and the attacker does not need prior access to the system. The fuzzing effort involved processing approximately 20TB of SWF files across 2,000 cores over 4 weeks to produce the crash-inducing samples [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code on the affected system or cause a denial of service [3]. The attacker can gain full control over the target system, potentially leading to data theft, installation of malware, or further compromise of the network.

Mitigation

Adobe released updated versions of Flash Player and AIR to address this vulnerability. For Flash Player, version 10.3.183.5 (or later) for desktop platforms and 10.3.186.3 for Android are fixed [3]. For Adobe AIR, version 2.7.1 (or later) on Windows and Mac OS X, and 2.7.1.1961 on Android are the patched versions [3]. Users should update their software immediately. No workarounds are mentioned in the available references.

References
  1. Fuzzing at scale
  2. Adobe Updates for Multiple Vulnerabilities | CISA

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

104
  • Adobe Inc./Air12 versions
    cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=2.7
    • cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:2.7:*:*:*:*:*:*:*
    • (no CPE)range: < 2.7.1 (Win,Mac) / < 2.7.1.1961 (Android)
  • Adobe Inc./Flashplayer91 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 90 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=10.3.181.36
    • cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.157.51:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.159.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.14:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.21:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
  • Adobe Inc./Flash Playerllm-fuzzy
    Range: < 10.3.183.5 (Win,Mac,Linux,Solaris) / < 10.3.186.3 (Android)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.