CVE-2011-2462

CRITICAL KEV

Adobe Acrobat < 10.1.1 - Out-of-Bounds Write

Title source: rule

Description

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/18366
metasploit WORKING POC NORMAL
by Felipe Andres Manzano, sinn3r, juan vazquez, jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_reader_u3d.rb

References (10)

Scores

CVSS v3 9.8
EPSS 0.9180
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-08
VulnCheck KEV 2011-12-07
InTheWild.io 2017-09-19
ENISA EUVD EUVD-2011-2451
CWE
CWE-787
Status published
Products (2)
adobe/acrobat < 10.1.1
adobe/acrobat_reader < 10.1.1
Published Dec 07, 2011
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026