Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
Published 2011-12-07 19:55:02
Updated 2017-09-19 01:33:05
View at NVD,   CVE.org
Vulnerability category: Memory CorruptionExecute codeDenial of service

CVE-2011-2462 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Added on 2022-06-08 Action due date 2022-06-22

Exploit prediction scoring system (EPSS) score for CVE-2011-2462

Probability of exploitation activity in the next 30 days: 97.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2011-2462

  • Adobe Reader U3D Memory Corruption Vulnerability
    Disclosure Date: 2011-12-06
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_reader_u3d
    This module exploits a vulnerability in the U3D handling within versions 9.x through 9.4.6 and 10 through to 10.1.1 of Adobe Reader. The vulnerability is due to the use of uninitialized memory. Arbitrary code execution is achieved by embedding specially crafted U3

CVSS scores for CVE-2011-2462

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST

References for CVE-2011-2462

Products affected by CVE-2011-2462

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!