CVE-2011-2118

Name: CVE-2011-2118
Creator: NVD / NIST
Published: 2011-06-16T23:55:02.4+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.55%

Last modified Jun 16, 2026

CVE-2011-2118 is a vulnerability of currently unknown severity. The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability.". EPSS estimates a 4.55% chance of exploitation in the next 30 days.

Description

The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability."

Metrics

EPSS Probability

4.55%

90.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Adobe	Shockwave Player	<= 11.5.9.620
Adobe	Shockwave Player	1.0
Adobe	Shockwave Player	2.0
Adobe	Shockwave Player	3.0
Adobe	Shockwave Player	4.0
Adobe	Shockwave Player	5.0
Adobe	Shockwave Player	6.0
Adobe	Shockwave Player	8.0
Adobe	Shockwave Player	8.0.196
Adobe	Shockwave Player	8.0.196a
Adobe	Shockwave Player	8.0.204
Adobe	Shockwave Player	8.0.205
Adobe	Shockwave Player	8.5.1
Adobe	Shockwave Player	8.5.1.100
Adobe	Shockwave Player	8.5.1.103
Adobe	Shockwave Player	8.5.1.105
Adobe	Shockwave Player	8.5.1.106
Adobe	Shockwave Player	8.5.321
Adobe	Shockwave Player	8.5.323
Adobe	Shockwave Player	8.5.324
Adobe	Shockwave Player	8.5.325
Adobe	Shockwave Player	9
Adobe	Shockwave Player	9.0.383
Adobe	Shockwave Player	9.0.432
Adobe	Shockwave Player	10.0.0.210
Adobe	Shockwave Player	10.0.1.004
Adobe	Shockwave Player	10.1.0.11
Adobe	Shockwave Player	10.1.0.011
Adobe	Shockwave Player	10.1.1.016
Adobe	Shockwave Player	10.1.4.020
Adobe	Shockwave Player	10.2.0.021
Adobe	Shockwave Player	10.2.0.022
Adobe	Shockwave Player	10.2.0.023
Adobe	Shockwave Player	11.0.0.456
Adobe	Shockwave Player	11.0.3.471
Adobe	Shockwave Player	11.5.0.595
Adobe	Shockwave Player	11.5.0.596
Adobe	Shockwave Player	11.5.1.601
Adobe	Shockwave Player	11.5.2.602
Adobe	Shockwave Player	11.5.6.606
Adobe	Shockwave Player	11.5.7.609
Adobe	Shockwave Player	11.5.8.612
Adobe	Shockwave Player	11.5.9.615

References

http://www.adobe.com/support/security/bulletins/apsb11-17.htmlPatch, Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA11-166A.htmlUS Government Resource
http://www.adobe.com/support/security/bulletins/apsb11-17.htmlPatch, Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA11-166A.htmlUS Government Resource

Timeline

Published: Jun 16, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-2118?

The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability."

How severe is CVE-2011-2118?

Severity scoring for CVE-2011-2118 is pending analysis. The EPSS model estimates a 4.55% probability of exploitation in the next 30 days.

How do I fix CVE-2011-2118?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-2118?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST