Vulnerability Details : CVE-2011-0588
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570.
Products affected by CVE-2011-0588
- cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0588
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0588
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
References for CVE-2011-0588
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12378
Repository / Oval Repository
-
http://www.securityfocus.com/bid/46254
Adobe Acrobat and Reader CVE-2011-0588 DLL Loading Arbitrary Code Execution Vulnerability
-
http://www.vupen.com/english/advisories/2011/0337
Webmail | OVH- OVHVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65293
Adobe Reader and Acrobat DLL code execution CVE-2011-0588 Vulnerability Report
-
http://www.adobe.com/support/security/bulletins/apsb11-03.html
Adobe - Security Bulletins: APSB11-03 - Security updates available for Adobe Reader and AcrobatPatch;Vendor Advisory
-
http://www.securitytracker.com/id?1025033
Adobe Reader and Acrobat Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges - SecurityTracker
Jump to