CVE-2011-0575
CVE-2011-0575 is a medium-severity vulnerability in Adobe Flash Player with a CVSS 2.0 base score of 6.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.9)
- EPSS exploit prediction: 1% (49th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Adobe Flash Player
- Published:
- Last modified:
Description
Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Frequently asked questions
- What is CVE-2011-0575?
- Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
- How severe is CVE-2011-0575?
- CVE-2011-0575 has a CVSS 2.0 base score of 6.9, rated medium severity.
- Is CVE-2011-0575 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (49th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2011-0575?
- CVE-2011-0575 primarily affects Adobe Flash Player. In total, 75 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2011-0575?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2011-0575 published?
- CVE-2011-0575 was published on 2011-02-10 and last updated on 2026-06-16.
References
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html
- http://osvdb.org/70919
- http://secunia.com/advisories/43267
- http://secunia.com/advisories/43292
- http://secunia.com/advisories/43340
- http://secunia.com/advisories/43351
- http://secunia.com/advisories/43747
- http://www.adobe.com/support/security/bulletins/apsb11-02.html
- http://www.redhat.com/support/errata/RHSA-2011-0206.html
- http://www.redhat.com/support/errata/RHSA-2011-0259.html
- http://www.redhat.com/support/errata/RHSA-2011-0368.html
- http://www.securityfocus.com/archive/1/516398/100/0/threaded
- http://www.securityfocus.com/bid/46197
- http://www.securitytracker.com/id?1025055
- http://www.vupen.com/english/advisories/2011/0348
- http://www.vupen.com/english/advisories/2011/0383
- http://www.vupen.com/english/advisories/2011/0402
- http://www.vupen.com/english/advisories/2011/0646
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65238
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14095
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16127
Affected products (75)
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
More vulnerabilities in Adobe Flash Player
- CVE-2015-8459 — Critical (CVSS 10.0): Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on…
- CVE-2015-8457 — Critical (CVSS 10.0): Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and…
- CVE-2015-8455 — Critical (CVSS 10.0): Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on…
- CVE-2015-8454 — Critical (CVSS 10.0): Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and…
- CVE-2015-8452 — Critical (CVSS 10.0): Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and…
- CVE-2015-8451 — Critical (CVSS 10.0): Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on…