CVE-2011-2462
CVE-2011-2462
In short
Adobe Reader and Acrobat have an unspecified flaw in their U3D (3D graphics) component that allows attackers to crash the application or run malicious code by opening a specially crafted document. This vulnerability was actively exploited by criminals in December 2011.
Technical detail
A memory corruption vulnerability exists in the U3D handler of Adobe Reader/Acrobat versions 10.1.1 and earlier (Windows/Mac) and 9.x through 9.4.6 (UNIX). Remote attackers can exploit this via maliciously crafted U3D content embedded in PDFs to achieve arbitrary code execution or denial of service. The attack vector requires user interaction (opening a malicious PDF).
Summary generated and translated by AI from the official description.
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/18366unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.htmlhttps://github.com/cisagov/vulnrichment/issues/199https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462http://www.adobe.com/support/security/advisories/apsa11-04.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-30.htmlhttp://www.adobe.com/support/security/bulletins/apsb12-01.htmlhttp://www.redhat.com/support/errata/RHSA-2012-0011.htmlhttp://www.us-cert.gov/cas/techalerts/TA11-350A.html