CVE-2011-2462

CRITICAL KEV

Adobe Acrobat and Reader < 10.1.1 - Remote Code Execution via U3D Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2011-2462 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022. EIP tracks 2 public exploits from researchers including Metasploit, Felipe Andres Manzano, sinn3r, juan vazquez, jduck, including a Metasploit module exploits/windows/fileformat/adobe_reader_u3d.

AI-analyzed exploit summary This Metasploit module exploits a memory corruption vulnerability in Adobe Reader's U3D handling (CVE-2011-2462) via a crafted PDF with embedded U3D data and JavaScript heap spray for arbitrary code execution.

Description

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/18366

This Metasploit module exploits a memory corruption vulnerability in Adobe Reader's U3D handling (CVE-2011-2462) via a crafted PDF with embedded U3D data and JavaScript heap spray for arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader 9.x through 9.4.6 and 10.x through 10.1.1
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Felipe Andres Manzano, sinn3r, juan vazquez, jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_reader_u3d.rb

This Metasploit module exploits a memory corruption vulnerability in Adobe Reader's U3D handling (CVE-2011-2462) via a crafted PDF with embedded U3D data and JavaScript heap spray for arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader 9.x through 9.4.6 and 10.x through 10.1.1
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2012-0011.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-350A.html

Scores

CVSS v3 9.8
EPSS 0.9160
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-06-08
VulnCheck KEV 2011-12-07
InTheWild.io 2017-09-19
ENISA EUVD EUVD-2011-2451
CWE
CWE-787
Status published
Products (2)
adobe/acrobat < 10.1.1
adobe/acrobat_reader < 10.1.1
Published Dec 07, 2011
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026