Back
CVE-2011-2462
CRITICAL
CISA KEV
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
Published: Dec 7, 2011
Modified: Apr 21, 2026
CWE-787
CWE-787
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (3)
| Vendor | Product | Version |
|---|---|---|
| adobe | acrobat | * |
| adobe | acrobat_reader | * |
| adobe | acrobat_reader | * ≥ 9.0 |
GitHub Security Advisory GHSA-g2wp-w28c-8vg2
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on...
References (18)
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html Broken Link
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html Broken Link
- http://www.adobe.com/support/security/advisories/apsa11-04.html Vendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb11-30.html Not Applicable
- http://www.adobe.com/support/security/bulletins/apsb12-01.html Not Applicable
- http://www.redhat.com/support/errata/RHSA-2012-0011.html Broken Link
- http://www.us-cert.gov/cas/techalerts/TA11-350A.html Third Party Advisory, US Government Resource
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562 Broken Link
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html Broken Link
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html Broken Link
- http://www.adobe.com/support/security/advisories/apsa11-04.html Vendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb11-30.html Not Applicable
- http://www.adobe.com/support/security/bulletins/apsb12-01.html Not Applicable
- http://www.redhat.com/support/errata/RHSA-2012-0011.html Broken Link
- http://www.us-cert.gov/cas/techalerts/TA11-350A.html Third Party Advisory, US Government Resource
Risk Scores
CVSS Score
9.8 / 10
EPSS Score
91.52%
Top 0% most likely to be exploited
Threat Score
96.7 / 100
CISA Known Exploited
Date Added:
2022-06-08
Due Date:
2022-06-22
Required Action:
Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS
GitHub