Vulnerability Details : CVE-2011-0599
The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602.
Vulnerability category: Input validationExecute code
Products affected by CVE-2011-0599
- cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0599
41.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0599
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2011-0599
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0599
-
http://www.redhat.com/support/errata/RHSA-2011-0301.html
Support
-
http://www.zerodayinitiative.com/advisories/ZDI-11-072/
ZDI-11-072 | Zero Day Initiative
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12424
Repository / Oval Repository
-
http://www.securityfocus.com/archive/1/516314
SecurityFocus
-
http://www.vupen.com/english/advisories/2011/0492
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2011/0337
Webmail | OVH- OVH
-
http://www.adobe.com/support/security/bulletins/apsb11-03.html
Adobe - Security Bulletins: APSB11-03 - Security updates available for Adobe Reader and AcrobatPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/46220
Adobe Acrobat and Reader RLE Decompressed Bitmap Color Data Remote Code Execution Vulnerability
-
http://www.securitytracker.com/id?1025033
Adobe Reader and Acrobat Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges - SecurityTracker
Jump to