CVE-2011-2462

CRITICAL
2011-12-07 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 26, 2026 - 11:17 vuln.today
Added to CISA KEV
Nov 22, 2025 - 02:00 cisa
CISA KEV
PoC Detected
Nov 22, 2025 - 02:00 vuln.today
Public exploit code
CVE Published
Dec 07, 2011 - 19:55 nvd
CRITICAL 9.8

Tags

Windows macOS

Description

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Analysis

Adobe Reader and Acrobat contain an unspecified U3D component vulnerability causing memory corruption that allows remote code execution, exploited as a zero-day in December 2011 through crafted PDF files.

Technical Context

The CWE-787 memory corruption flaw in the U3D parsing component is triggered when Adobe Reader processes PDF files containing malformed 3D content. The corruption allows arbitrary code execution in the context of the Reader process.

Affected Products

['Adobe Reader 10.1.1 and earlier (Windows/Mac)', 'Adobe Reader 9.x through 9.4.6 (UNIX)', 'Adobe Acrobat 10.1.1 and earlier']

Remediation

Update Adobe Reader/Acrobat. Disable 3D content rendering in Adobe Reader's preferences. Deploy sandboxed PDF readers or use browser-native PDF viewing.

Priority Score

221
Low Medium High Critical
KEV: +50
EPSS: +91.9
CVSS: +49
POC: +20

Share

CVE-2011-2462 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy