CVE-2011-2462

Published: Dec 7, 2011Modified: Apr 21, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Affected (3)

Products: Adobe: Acrobat, Acrobat Reader

2 products

Configuration A

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Acrobat	Up to 10.1.1
Adobe Acrobat Reader	Up to 10.1.1

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Acrobat Reader	From 9.0 to 9.4.6

Running on/with	Platform Versions
Opengroup Unix	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html

Source: psirt@adobe.com

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html

Source: psirt@adobe.com

Broken Link

http://www.adobe.com/support/security/advisories/apsa11-04.html

Source: psirt@adobe.com

Vendor Advisory

http://www.adobe.com/support/security/bulletins/apsb11-30.html

Source: psirt@adobe.com

Not Applicable

http://www.adobe.com/support/security/bulletins/apsb12-01.html

Source: psirt@adobe.com

Not Applicable

http://www.redhat.com/support/errata/RHSA-2012-0011.html

Source: psirt@adobe.com

Broken Link

http://www.us-cert.gov/cas/techalerts/TA11-350A.html

Source: psirt@adobe.com

Third Party AdvisoryUS Government Resource

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562

Source: psirt@adobe.com

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.adobe.com/support/security/advisories/apsa11-04.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.adobe.com/support/security/bulletins/apsb11-30.html

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://www.adobe.com/support/security/bulletins/apsb12-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://www.redhat.com/support/errata/RHSA-2012-0011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.us-cert.gov/cas/techalerts/TA11-350A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://github.com/cisagov/vulnrichment/issues/199

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Issue Tracking

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.