Vulnerability Details : CVE-2011-2462
Public exploit exists!
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2011-2462
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
CVE-2011-2462 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2011-2462
Added on
2022-06-08
Action due date
2022-06-22
Exploit prediction scoring system (EPSS) score for CVE-2011-2462
93.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-2462
-
Adobe Reader U3D Memory Corruption Vulnerability
Disclosure Date: 2011-12-06First seen: 2020-04-26exploit/windows/fileformat/adobe_reader_u3dThis module exploits a vulnerability in the U3D handling within versions 9.x through 9.4.6 and 10 through to 10.1.1 of Adobe Reader. The vulnerability is due to the use of uninitialized memory. Arbitrary code execution is achieved by embedding specially crafted U3
CVSS scores for CVE-2011-2462
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-04 |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-12-20 |
CWE ids for CVE-2011-2462
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2011-2462
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562
Repository / Oval RepositoryBroken Link
-
http://www.adobe.com/support/security/bulletins/apsb11-30.html
Adobe - Security Bulletins: APSB11-30 - Security updates available for Adobe Reader and AcrobatNot Applicable
-
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html
[security-announce] openSUSE-SU-2012:0087-1: important: acroreadBroken Link
-
http://www.us-cert.gov/cas/techalerts/TA11-350A.html
Adobe Updates for Multiple Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
http://www.adobe.com/support/security/advisories/apsa11-04.html
Adobe Security Advisories: APSA11-04 - Security Advisory for Adobe Reader and AcrobatVendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2012-0011.html
SupportBroken Link
-
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html
[security-announce] SUSE-SU-2012:0086-1: important: Security update forBroken Link
-
http://www.adobe.com/support/security/bulletins/apsb12-01.html
Adobe - Security Bulletins: APSB12-01 - Security updates available for Adobe Reader and AcrobatNot Applicable
Jump to