VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 22, 2011· Updated Apr 29, 2026

CVE-2011-2426

CVE-2011-2426

Description

Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in Adobe Flash Player's ActionScript Virtual Machine allows remote attackers to execute arbitrary code on affected platforms.

Vulnerability

A stack-based buffer overflow exists in the ActionScript Virtual Machine (AVM) component of Adobe Flash Player. This vulnerability affects versions before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android. The issue allows remote attackers to trigger memory corruption via unspecified vectors [1].

Exploitation

Exploitation requires the attacker to convince a user to view a specially crafted Flash file, typically via a web browser or document containing the malicious .swf. No additional authentication or privileges are needed on the target system, as the vulnerability is reachable through standard content delivery mechanisms.

Impact

Successful exploitation grants the attacker arbitrary code execution within the context of the affected Flash Player instance. This can lead to complete compromise of the user's system, including data theft, installation of malware, or further propagation into the network.

Mitigation

The vulnerability is fixed in Adobe Flash Player 10.3.183.10 (desktop operating systems) and 10.3.186.7 (Android). Users should update to these versions or later. Red Hat has also released an advisory as RHSA-2011:1333 for affected packages on Red Hat Enterprise Linux [1]. No workarounds are documented; mitigation relies solely on applying the vendor patch.

References
  1. Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

96
  • Adobe Inc./Flashplayer95 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 94 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=10.3.183.7
    • cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.157.51:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.2.159.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.14:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.34:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.181.36:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.183.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.21:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.23:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.185.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:10.3.186.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
  • Adobe Inc./Flash Playerllm-fuzzy
    Range: <10.3.183.10 (desktop) / <10.3.186.7 (Android)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.