Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-2462 (GCVE-0-2011-2462)
Vulnerability from cvelistv5
Published
2011-12-07 19:00
Modified
2025-10-22 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
References
CISA Known Exploited Vulnerability
Data from the CISA Known Exploited Vulnerabilities Catalog
Date added: 2022-06-08
Due date: 2022-06-22
Required action: Apply updates per vendor instructions.
Used in ransomware: Unknown
Notes: https://nvd.nist.gov/vuln/detail/CVE-2011-2462
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"name": "RHSA-2012:0011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0011.html"
},
{
"name": "SUSE-SU-2012:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"name": "oval:org.mitre.oval:def:14562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562"
},
{
"name": "TA11-350A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-350A.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2011-2462",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T21:47:37.887559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-06-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T00:05:48.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-08T00:00:00+00:00",
"value": "CVE-2011-2462 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "openSUSE-SU-2012:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"name": "RHSA-2012:0011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0011.html"
},
{
"name": "SUSE-SU-2012:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"name": "oval:org.mitre.oval:def:14562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562"
},
{
"name": "TA11-350A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-350A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-2462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa11-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"name": "RHSA-2012:0011",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0011.html"
},
{
"name": "SUSE-SU-2012:0086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"name": "oval:org.mitre.oval:def:14562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562"
},
{
"name": "TA11-350A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-350A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2011-2462",
"datePublished": "2011-12-07T19:00:00.000Z",
"dateReserved": "2011-06-06T00:00:00.000Z",
"dateUpdated": "2025-10-22T00:05:48.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2011-2462",
"cwes": "[\"CWE-787\"]",
"dateAdded": "2022-06-08",
"dueDate": "2022-06-22",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462",
"product": "Acrobat and Reader",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).",
"vendorProject": "Adobe",
"vulnerabilityName": "Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-2462\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2011-12-07T19:55:01.673\",\"lastModified\":\"2025-10-22T01:15:41.133\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el componente de U3D en Adobe Reader y Acrobat v10.1.1 y versiones anteriores para Windows y Mac OS X, y Adobe Reader v9.x hasta v9.4.6 en UNIX, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de vectores desconocidos, explotado \\\"in the wild\\\" en diciembre de 2011.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-06-08\",\"cisaActionDue\":\"2022-06-22\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.1.1\",\"matchCriteriaId\":\"A70868B3-F3C5-4DC0-9013-78E77F424109\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.1.1\",\"matchCriteriaId\":\"68D60103-B447-48D2-9B52-81DEA719CEBE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndIncluding\":\"9.4.6\",\"matchCriteriaId\":\"0142C12E-A8F0-4E88-AECE-88F068E5E874\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A90CB3A-9BE7-475C-9E75-6ECAD2106302\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa11-04.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb11-30.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb12-01.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2012-0011.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-350A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa11-04.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb11-30.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb12-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2012-0011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-350A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html\", \"name\": \"openSUSE-SU-2012:0087\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb12-01.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa11-04.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2012-0011.html\", \"name\": \"RHSA-2012:0011\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html\", \"name\": \"SUSE-SU-2012:0086\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-30.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562\", \"name\": \"oval:org.mitre.oval:def:14562\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-350A.html\", \"name\": \"TA11-350A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T23:00:33.994Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2011-2462\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T21:47:37.887559Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-06-08\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-06-08T00:00:00+00:00\", \"value\": \"CVE-2011-2462 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T21:47:35.982Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2011-12-06T00:00:00.000Z\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html\", \"name\": \"openSUSE-SU-2012:0087\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb12-01.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa11-04.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2012-0011.html\", \"name\": \"RHSA-2012:0011\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html\", \"name\": \"SUSE-SU-2012:0086\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-30.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562\", \"name\": \"oval:org.mitre.oval:def:14562\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-350A.html\", \"name\": \"TA11-350A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2017-09-18T12:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html\", \"name\": \"openSUSE-SU-2012:0087\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb12-01.html\", \"name\": \"http://www.adobe.com/support/security/bulletins/apsb12-01.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa11-04.html\", \"name\": \"http://www.adobe.com/support/security/advisories/apsa11-04.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2012-0011.html\", \"name\": \"RHSA-2012:0011\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html\", \"name\": \"SUSE-SU-2012:0086\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb11-30.html\", \"name\": \"http://www.adobe.com/support/security/bulletins/apsb11-30.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562\", \"name\": \"oval:org.mitre.oval:def:14562\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-350A.html\", \"name\": \"TA11-350A\", \"refsource\": \"CERT\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2011-2462\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@adobe.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2011-2462\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:48.814Z\", \"dateReserved\": \"2011-06-06T00:00:00.000Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2011-12-07T19:00:00.000Z\", \"assignerShortName\": \"adobe\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTA-2011-ALE-008
Vulnerability from certfr_alerte
Une vulnérabilité permettant l'exécution de code arbitraire à distance affecte les produits Adobe Acrobat et Adobe Reader. Celle-ci est actuellement exploitée.
Un correctif est publié pour la version 9 des deux produits.
Description
Les logiciels Adobe Acrobat et Adobe Reader sont vulnérables à une faille permettant à une personne malintentionnée d'exécuter du code arbitraire à distance. Elle est actuellement exploitée sur l'Internet au moyen de document PDF spécialement conçus.
Contournement provisoire
Il est possible, dans les versions 10.n (ou X.n) de ces produits, d'activer des modes de protection (Protected Mode pour Adobe Reader et Protected View pour Adobe Acrobat ) pour rendre plus difficile l'exploitation de cette vulnérabilité. Adobe annonce qu'un correctif pour ces versions sera publié le 10 janvier 2012.
Le CERTA recommande l'utilisation d'un logiciel alternatif tant qu'un correctif n'est pas disponible.
Mise à jour du 19 décembre 2011 : la version 9.4.7 de chacun des deux produits corrige le problème. Mise à jour du 10 janvier 2012 : les versions 9.5 et 10.1.2 de chacun des deux produits corrigent le problème.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Adobe Acrobat 9.4.6 et versions 9.x antérieures pour systèmes Windows et Macintosh. | ||
| Adobe | Acrobat | Adobe Acrobat X (10.1.1) et versions 10.x antérieures pour systèmes Windows et Macintosh ; | ||
| Adobe | Acrobat | Adobe Reader 9.4.6 et versions 9.x antérieures pour systèmes Windows, Macintosh et UNIX ; | ||
| Adobe | Acrobat | Adobe Reader X (10.1.1) et versions 10.x antérieures pour systèmes Windows et Macintosh ; |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Acrobat 9.4.6 et versions 9.x ant\u00e9rieures pour syst\u00e8mes Windows et Macintosh.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat X (10.1.1) et versions 10.x ant\u00e9rieures pour syst\u00e8mes Windows et Macintosh ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader 9.4.6 et versions 9.x ant\u00e9rieures pour syst\u00e8mes Windows, Macintosh et UNIX ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader X (10.1.1) et versions 10.x ant\u00e9rieures pour syst\u00e8mes Windows et Macintosh ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2012-01-10",
"content": "## Description\n\nLes logiciels Adobe Acrobat et Adobe Reader sont vuln\u00e9rables \u00e0 une\nfaille permettant \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance. Elle est actuellement exploit\u00e9e sur l\u0027Internet au\nmoyen de document PDF sp\u00e9cialement con\u00e7us.\n\n## Contournement provisoire\n\nIl est possible, dans les versions 10.n (ou X.n) de ces produits,\nd\u0027activer des modes de protection (Protected Mode pour Adobe Reader et\nProtected View pour Adobe Acrobat ) pour rendre plus difficile\nl\u0027exploitation de cette vuln\u00e9rabilit\u00e9. Adobe annonce qu\u0027un correctif\npour ces versions sera publi\u00e9 le 10 janvier 2012.\n\nLe CERTA recommande l\u0027utilisation d\u0027un logiciel alternatif tant qu\u0027un\ncorrectif n\u0027est pas disponible.\n\n \n \n\nMise \u00e0 jour du 19 d\u00e9cembre 2011\u00a0: la version 9.4.7 de chacun des deux\nproduits corrige le probl\u00e8me. Mise \u00e0 jour du 10 janvier 2012\u00a0: les\nversions 9.5 et 10.1.2 de chacun des deux produits corrigent le\nprobl\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2462"
}
],
"initial_release_date": "2011-12-07T00:00:00",
"last_revision_date": "2012-01-10T00:00:00",
"links": [
{
"title": "Avis du CERTA CERTA-2011-AVI-705 du 19 d\u00e9cembre 2011 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-705/index.html"
},
{
"title": "Avis du CERTA CERTA-2012-AVI-014 du 10 janvier 2012 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2012-AVI-014/index.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB12-01 du 10 janvier 2012 :",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB11-30 du 16 d\u00e9cembre 2011 :",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
}
],
"reference": "CERTA-2011-ALE-008",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-12-07T00:00:00.000000"
},
{
"description": "publication d\u0027un correctif pour les versions 9.",
"revision_date": "2011-12-19T00:00:00.000000"
},
{
"description": "publication d\u0027un correctif pour les versions 10.",
"revision_date": "2012-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\naffecte les produits Adobe Acrobat et Adobe Reader. Celle-ci est\nactuellement exploit\u00e9e.\n\nUn correctif est publi\u00e9 pour la version 9 des deux produits.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Adobe Reader et Acrobat",
"vendor_advisories": [
{
"published_at": null,
"title": "Alerte de s\u00e9curit\u00e9 Adobe APSA11-04 du 16 d\u00e9cembre 2011",
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
}
]
}
ghsa-g2wp-w28c-8vg2
Vulnerability from github
Published
2022-05-17 01:01
Modified
2025-10-22 03:30
Severity ?
VLAI Severity ?
Details
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
{
"affected": [],
"aliases": [
"CVE-2011-2462"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-12-07T19:55:00Z",
"severity": "HIGH"
},
"details": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
"id": "GHSA-g2wp-w28c-8vg2",
"modified": "2025-10-22T03:30:30Z",
"published": "2022-05-17T01:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0011.html"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-350A.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
var-201112-0167
Vulnerability from variot
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. ( Memory corruption ) A state vulnerability exists.Arbitrary code execution or denial of service by a third party ( Memory corruption ) It may be in a state. Adobe Acrobat and Reader are prone to a remote memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Acrobat is a series of products aimed at enterprises, technicians and creative professionals launched in 1993, making the transmission and collaboration of intelligent documents more flexible, reliable and secure. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: acroread security update Advisory ID: RHSA-2012:0011-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0011.html Issue date: 2012-01-10 CVE Names: CVE-2011-2462 CVE-2011-4369 =====================================================================
- Summary:
Updated acroread packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
Adobe Reader allows users to view and print documents in Portable Document Format (PDF). These flaws are detailed on the Adobe security page APSB11-30, listed in the References section. Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm
x86_64: acroread-9.4.7-1.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm
x86_64: acroread-9.4.7-1.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm
x86_64: acroread-9.4.7-1.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm
x86_64: acroread-9.4.7-1.el4.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm
x86_64: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm
x86_64: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm
x86_64: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm
x86_64: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm
x86_64: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-2462.html https://www.redhat.com/security/data/cve/CVE-2011-4369.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-30.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Reader users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.7"
References
[ 1 ] CVE-2010-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091 [ 2 ] CVE-2011-0562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562 [ 3 ] CVE-2011-0563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563 [ 4 ] CVE-2011-0565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565 [ 5 ] CVE-2011-0566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566 [ 6 ] CVE-2011-0567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567 [ 7 ] CVE-2011-0570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570 [ 8 ] CVE-2011-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585 [ 9 ] CVE-2011-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586 [ 10 ] CVE-2011-0587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587 [ 11 ] CVE-2011-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588 [ 12 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 13 ] CVE-2011-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590 [ 14 ] CVE-2011-0591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591 [ 15 ] CVE-2011-0592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592 [ 16 ] CVE-2011-0593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593 [ 17 ] CVE-2011-0594 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594 [ 18 ] CVE-2011-0595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595 [ 19 ] CVE-2011-0596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596 [ 20 ] CVE-2011-0598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598 [ 21 ] CVE-2011-0599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599 [ 22 ] CVE-2011-0600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600 [ 23 ] CVE-2011-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602 [ 24 ] CVE-2011-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603 [ 25 ] CVE-2011-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604 [ 26 ] CVE-2011-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605 [ 27 ] CVE-2011-0606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606 [ 28 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 29 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 30 ] CVE-2011-2135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 31 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 32 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 33 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 34 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 35 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 36 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 37 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 38 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 39 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 40 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 41 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 42 ] CVE-2011-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431 [ 43 ] CVE-2011-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432 [ 44 ] CVE-2011-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433 [ 45 ] CVE-2011-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434 [ 46 ] CVE-2011-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435 [ 47 ] CVE-2011-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436 [ 48 ] CVE-2011-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437 [ 49 ] CVE-2011-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438 [ 50 ] CVE-2011-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439 [ 51 ] CVE-2011-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440 [ 52 ] CVE-2011-2441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441 [ 53 ] CVE-2011-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442 [ 54 ] CVE-2011-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462 [ 55 ] CVE-2011-4369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-19.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
I. Description
Adobe Security Bulletin APSB11-30 and Adobe Security Advisory APSA11-04 describe a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.4.6 and earlier 9.x versions. These vulnerabilities also affect Reader X and Acrobat X 10.1.1 and earlier 10.x versions.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.
Adobe Reader X and Adobe Acrobat X will be patched in the next quarterly update scheduled for January 10, 2012.
II. Impact
These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.
III. Solution
Update Reader
Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-30 and update vulnerable versions of Adobe Reader and Acrobat.
In addition to updating, please consider the following mitigations.
Disable Flash in Adobe Reader and Acrobat
Disabling Flash in Adobe Reader will mitigate attacks that rely on Flash content embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash. To disable Flash and 3D & Multimedia support in Adobe Reader 9, delete, rename, or remove access to these files:
Microsoft Windows "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll"
Apple Mac OS X "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle" "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"
GNU/Linux (locations may vary among distributions) "/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so" "/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so"
File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plugins will reduce functionality and will not protect against Flash content that is hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF files
The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00
Disable the display of PDF files in the web browser
Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities.
To prevent PDF files from automatically being opened in a web browser, do the following:
- Open the Edit menu.
- Choose the Preferences option.
- Choose the Internet section.
- Uncheck the "Display PDF in browser" checkbox. PDF documents that use the PRC format for 3D content will continue to function on Windows and Linux platforms.
To disable U3D support in Adobe Reader 9 on Microsoft Windows, delete or rename this file:
"%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d"
For Apple Mac OS X, delete or rename this directory:
"/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"
For GNU/Linux, delete or rename this file (locations may vary among distributions):
"/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d"
File locations may be different for Adobe Acrobat or other Adobe products or versions.
Do not access PDF files from untrusted sources
Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.
IV. Please send email to cert@cert.org with "TA11-350A Feedback VU#759307" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2011 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
December 16, 2011: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTuuZnz/GkGVXE7GMAQIN8ggAjjQO8LOasl98uasGZW2J5SHfkKr675Mf ymRzBagFqO9QuId2RvFG2b9nuq5zdqETsrcG1t668wtYLUhBaoLmFXPe/KsDQ9n+ /p9PctVJFmJpV92S3kAHw+u4t1n/Aa/4IdK0oXNBDhkyXrp41F27LY+aQ8FWWuxZ lL4jXSUQ/gLgb6hOhLjRCsQtEhAcPbX/mPNxl6bACXZaOVZT88fz9M7JXryDiJWO uuFi3O2GT0Bd3fEsL57U/TSbq8SynadObMSj4/+Q1HmOHcD0L5gzd9/N4M3D1Emg y7aeUpgycY5eFefY3LVVkb7JkTUbEZHbuNHydFKIJDRlaXBAo+D0QQ== =rKM4 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acrobat reader",
"scope": "gte",
"trust": 1.0,
"vendor": "adobe",
"version": "9.0"
},
{
"model": "acrobat reader",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "9.4.6"
},
{
"model": "acrobat",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "10.1.1"
},
{
"model": "acrobat reader",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "10.1.1"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.9,
"vendor": "adobe",
"version": "9.4.6"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.9,
"vendor": "adobe",
"version": "9.3.2"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.9,
"vendor": "adobe",
"version": "9.3.1"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.9,
"vendor": "adobe",
"version": "9.1.1"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.9,
"vendor": "adobe",
"version": "9.3"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.9,
"vendor": "adobe",
"version": "9.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adobe",
"version": null
},
{
"model": "adobe reader",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d3",
"version": "x (10.1.1) earlier 10.x for windows macintosh"
},
{
"model": "adobe reader",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d3",
"version": "9.4.6 9.x previous s for macintosh"
},
{
"model": "adobe reader",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d3",
"version": "9.4.7 9.x previous s for windows"
},
{
"model": "adobe acrobat",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d3",
"version": null
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "9.1"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "9.1.2"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "9.0"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "9.1.3"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.3"
},
{
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "hat enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "hat enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.1"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.6"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.4"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.3"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.2"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.1"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1.3"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1.2"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1.1"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.5"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.4"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.3"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.2"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.1"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.2"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.3"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.2"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.1"
},
{
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.1"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.6"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.4"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.3"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.2"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.1"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1.3"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1.2"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.5"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.4"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.3"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.2"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.1"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.2"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.3"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.2"
},
{
"model": "acrobat standard",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.1"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.1"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.6"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.4"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.3"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.2"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.1"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1.3"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1.2"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.5"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.4"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.3"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.2"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.1"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.2"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.1"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.3"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.2"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.1"
},
{
"model": "acrobat professional",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.1"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.3.3"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "8.2.4"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.5"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.4"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.3"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.2"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.1"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "9"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.3"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.2"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0.1"
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.3,
"vendor": "adobe",
"version": "10.0"
},
{
"model": "reader",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.2"
},
{
"model": "reader",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.7"
},
{
"model": "reader",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "9.5"
},
{
"model": "acrobat standard",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.2"
},
{
"model": "acrobat standard",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.7"
},
{
"model": "acrobat standard",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "9.5"
},
{
"model": "acrobat professional",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.2"
},
{
"model": "acrobat professional",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.7"
},
{
"model": "acrobat professional",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "9.5"
},
{
"model": "acrobat",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "10.1.2"
},
{
"model": "acrobat",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "9.4.7"
},
{
"model": "acrobat",
"scope": "ne",
"trust": 0.3,
"vendor": "adobe",
"version": "9.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#759307"
},
{
"db": "BID",
"id": "50922"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003287"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-061"
},
{
"db": "NVD",
"id": "CVE-2011-2462"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lockheed Martin CIRT and MITRE",
"sources": [
{
"db": "BID",
"id": "50922"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-061"
}
],
"trust": 0.9
},
"cve": "CVE-2011-2462",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-2462",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-50407",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2011-2462",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2011-2462",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-2462",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#759307",
"trust": 0.8,
"value": "52.51"
},
{
"author": "NVD",
"id": "CVE-2011-2462",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-061",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-50407",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2011-2462",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#759307"
},
{
"db": "VULHUB",
"id": "VHN-50407"
},
{
"db": "VULMON",
"id": "CVE-2011-2462"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003287"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-061"
},
{
"db": "NVD",
"id": "CVE-2011-2462"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. ( Memory corruption ) A state vulnerability exists.Arbitrary code execution or denial of service by a third party ( Memory corruption ) It may be in a state. Adobe Acrobat and Reader are prone to a remote memory corruption vulnerability. \nAttackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Acrobat is a series of products aimed at enterprises, technicians and creative professionals launched in 1993, making the transmission and collaboration of intelligent documents more flexible, reliable and secure. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: acroread security update\nAdvisory ID: RHSA-2012:0011-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0011.html\nIssue date: 2012-01-10\nCVE Names: CVE-2011-2462 CVE-2011-4369 \n=====================================================================\n\n1. Summary:\n\nUpdated acroread packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6\nSupplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nAdobe Reader allows users to view and print documents in Portable Document\nFormat (PDF). These flaws are\ndetailed on the Adobe security page APSB11-30, listed in the References\nsection. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\nacroread-9.4.7-1.el4.i386.rpm\nacroread-plugin-9.4.7-1.el4.i386.rpm\n\nx86_64:\nacroread-9.4.7-1.el4.i386.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\nacroread-9.4.7-1.el4.i386.rpm\nacroread-plugin-9.4.7-1.el4.i386.rpm\n\nx86_64:\nacroread-9.4.7-1.el4.i386.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\nacroread-9.4.7-1.el4.i386.rpm\nacroread-plugin-9.4.7-1.el4.i386.rpm\n\nx86_64:\nacroread-9.4.7-1.el4.i386.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\nacroread-9.4.7-1.el4.i386.rpm\nacroread-plugin-9.4.7-1.el4.i386.rpm\n\nx86_64:\nacroread-9.4.7-1.el4.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nacroread-9.4.7-1.el5.i386.rpm\nacroread-plugin-9.4.7-1.el5.i386.rpm\n\nx86_64:\nacroread-9.4.7-1.el5.i386.rpm\nacroread-plugin-9.4.7-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nacroread-9.4.7-1.el5.i386.rpm\nacroread-plugin-9.4.7-1.el5.i386.rpm\n\nx86_64:\nacroread-9.4.7-1.el5.i386.rpm\nacroread-plugin-9.4.7-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nacroread-9.4.7-1.el6.i686.rpm\nacroread-plugin-9.4.7-1.el6.i686.rpm\n\nx86_64:\nacroread-9.4.7-1.el6.i686.rpm\nacroread-plugin-9.4.7-1.el6.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nacroread-9.4.7-1.el6.i686.rpm\nacroread-plugin-9.4.7-1.el6.i686.rpm\n\nx86_64:\nacroread-9.4.7-1.el6.i686.rpm\nacroread-plugin-9.4.7-1.el6.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nacroread-9.4.7-1.el6.i686.rpm\nacroread-plugin-9.4.7-1.el6.i686.rpm\n\nx86_64:\nacroread-9.4.7-1.el6.i686.rpm\nacroread-plugin-9.4.7-1.el6.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-2462.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4369.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.adobe.com/support/security/bulletins/apsb11-30.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/acroread-9.4.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-4091\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091\n[ 2 ] CVE-2011-0562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562\n[ 3 ] CVE-2011-0563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563\n[ 4 ] CVE-2011-0565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565\n[ 5 ] CVE-2011-0566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566\n[ 6 ] CVE-2011-0567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567\n[ 7 ] CVE-2011-0570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570\n[ 8 ] CVE-2011-0585\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585\n[ 9 ] CVE-2011-0586\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586\n[ 10 ] CVE-2011-0587\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587\n[ 11 ] CVE-2011-0588\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588\n[ 12 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 13 ] CVE-2011-0590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590\n[ 14 ] CVE-2011-0591\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591\n[ 15 ] CVE-2011-0592\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592\n[ 16 ] CVE-2011-0593\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593\n[ 17 ] CVE-2011-0594\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594\n[ 18 ] CVE-2011-0595\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595\n[ 19 ] CVE-2011-0596\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596\n[ 20 ] CVE-2011-0598\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598\n[ 21 ] CVE-2011-0599\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599\n[ 22 ] CVE-2011-0600\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600\n[ 23 ] CVE-2011-0602\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602\n[ 24 ] CVE-2011-0603\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603\n[ 25 ] CVE-2011-0604\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604\n[ 26 ] CVE-2011-0605\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605\n[ 27 ] CVE-2011-0606\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606\n[ 28 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 29 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 30 ] CVE-2011-2135\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 31 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 32 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 33 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 34 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 35 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 36 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 37 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 38 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 39 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 40 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 41 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 42 ] CVE-2011-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431\n[ 43 ] CVE-2011-2432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432\n[ 44 ] CVE-2011-2433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433\n[ 45 ] CVE-2011-2434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434\n[ 46 ] CVE-2011-2435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435\n[ 47 ] CVE-2011-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436\n[ 48 ] CVE-2011-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437\n[ 49 ] CVE-2011-2438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438\n[ 50 ] CVE-2011-2439\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439\n[ 51 ] CVE-2011-2440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440\n[ 52 ] CVE-2011-2441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441\n[ 53 ] CVE-2011-2442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442\n[ 54 ] CVE-2011-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462\n[ 55 ] CVE-2011-4369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201201-19.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n\nI. Description\n\n Adobe Security Bulletin APSB11-30 and Adobe Security Advisory\n APSA11-04 describe a number of vulnerabilities affecting Adobe\n Reader and Acrobat. These vulnerabilities affect Reader and Acrobat\n 9.4.6 and earlier 9.x versions. These vulnerabilities also affect\n Reader X and Acrobat X 10.1.1 and earlier 10.x versions. \n\n An attacker could exploit these vulnerabilities by convincing a\n user to open a specially crafted PDF file. The Adobe Reader browser\n plug-in, which can automatically open PDF documents hosted on a\n website, is available for multiple web browsers and operating\n systems. \n\n Adobe Reader X and Adobe Acrobat X will be patched in the next\n quarterly update scheduled for January 10, 2012. \n\n\nII. Impact\n\n These vulnerabilities could allow a remote attacker to execute\n arbitrary code, write arbitrary files or folders to the file\n system, escalate local privileges, or cause a denial of service on\n an affected system as the result of a user opening a malicious PDF\n file. \n\n\nIII. Solution\n\n Update Reader\n\n Adobe has released updates to address this issue. Users are\n encouraged to read Adobe Security Bulletin APSB11-30 and update\n vulnerable versions of Adobe Reader and Acrobat. \n\n In addition to updating, please consider the following mitigations. \n\n Disable Flash in Adobe Reader and Acrobat\n\n Disabling Flash in Adobe Reader will mitigate attacks that rely on\n Flash content embedded in a PDF file. Disabling 3D \u0026 Multimedia\n support does not directly address the vulnerability, but it does\n provide additional mitigation and results in a more user-friendly\n error message instead of a crash. To disable Flash and 3D \u0026\n Multimedia support in Adobe Reader 9, delete, rename, or remove\n access to these files:\n\n Microsoft Windows\n \"%ProgramFiles%\\Adobe\\Reader 9.0\\Reader\\authplay.dll\"\n \"%ProgramFiles%\\Adobe\\Reader 9.0\\Reader\\rt3d.dll\"\n\n Apple Mac OS X\n \"/Applications/Adobe Reader 9/Adobe\n Reader.app/Contents/Frameworks/AuthPlayLib.bundle\"\n \"/Applications/Adobe Reader 9/Adobe\n Reader.app/Contents/Frameworks/Adobe3D.framework\"\n\n GNU/Linux (locations may vary among distributions)\n \"/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so\"\n \"/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so\"\n\n File locations may be different for Adobe Acrobat or other Adobe\n products that include Flash and 3D \u0026 Multimedia support. Disabling\n these plugins will reduce functionality and will not protect\n against Flash content that is hosted on websites. Depending on the\n update schedule for products other than Flash Player, consider\n leaving Flash and 3D \u0026 Multimedia support disabled unless they are\n absolutely required. Acrobat JavaScript can be disabled using the\n Preferences menu (Edit -\u003e Preferences -\u003e JavaScript; uncheck Enable\n Acrobat JavaScript). \n\n Adobe provides a framework to blacklist specific JavaScipt APIs. If\n JavaScript must be enabled, this framework may be useful when\n specific APIs are known to be vulnerable or used in attacks. \n\n Prevent Internet Explorer from automatically opening PDF files\n\n The installer for Adobe Reader and Acrobat configures Internet\n Explorer to automatically open PDF files without any user\n interaction. This behavior can be reverted to a safer option that\n prompts the user by importing the following as a .REG file:\n\n Windows Registry Editor Version 5.00\n\n [HKEY_CLASSES_ROOT\\AcroExch.Document.7]\n \"EditFlags\"=hex:00,00,00,00\n\n Disable the display of PDF files in the web browser\n\n Preventing PDF files from opening inside a web browser will\n partially mitigate this vulnerability. If this workaround is\n applied, it may also mitigate future vulnerabilities. \n\n To prevent PDF files from automatically being opened in a web\n browser, do the following:\n\n 1. \n 2. Open the Edit menu. \n 3. Choose the Preferences option. \n 4. Choose the Internet section. \n 5. Uncheck the \"Display PDF in browser\" checkbox. PDF documents that use the PRC format\n for 3D content will continue to function on Windows and Linux\n platforms. \n\n To disable U3D support in Adobe Reader 9 on Microsoft Windows,\n delete or rename this file:\n\n \"%ProgramFiles%\\Adobe\\Reader 9.0\\Reader\\plug_ins3d\\3difr.x3d\"\n\n For Apple Mac OS X, delete or rename this directory:\n\n \"/Applications/Adobe Reader 9/Adobe\n Reader.app/Contents/Frameworks/Adobe3D.framework\"\n\n For GNU/Linux, delete or rename this file (locations may vary among\n distributions):\n\n \"/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d\"\n\n File locations may be different for Adobe Acrobat or other Adobe\n products or versions. \n\n Do not access PDF files from untrusted sources\n\n Do not open unfamiliar or unexpected PDF files, particularly those\n hosted on websites or delivered as email attachments. Please see\n Cyber Security Tip ST04-010. \n\n\nIV. Please send\n email to \u003ccert@cert.org\u003e with \"TA11-350A Feedback VU#759307\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2011 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n\n December 16, 2011: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBTuuZnz/GkGVXE7GMAQIN8ggAjjQO8LOasl98uasGZW2J5SHfkKr675Mf\nymRzBagFqO9QuId2RvFG2b9nuq5zdqETsrcG1t668wtYLUhBaoLmFXPe/KsDQ9n+\n/p9PctVJFmJpV92S3kAHw+u4t1n/Aa/4IdK0oXNBDhkyXrp41F27LY+aQ8FWWuxZ\nlL4jXSUQ/gLgb6hOhLjRCsQtEhAcPbX/mPNxl6bACXZaOVZT88fz9M7JXryDiJWO\nuuFi3O2GT0Bd3fEsL57U/TSbq8SynadObMSj4/+Q1HmOHcD0L5gzd9/N4M3D1Emg\ny7aeUpgycY5eFefY3LVVkb7JkTUbEZHbuNHydFKIJDRlaXBAo+D0QQ==\n=rKM4\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2462"
},
{
"db": "CERT/CC",
"id": "VU#759307"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003287"
},
{
"db": "BID",
"id": "50922"
},
{
"db": "VULHUB",
"id": "VHN-50407"
},
{
"db": "VULMON",
"id": "CVE-2011-2462"
},
{
"db": "PACKETSTORM",
"id": "108558"
},
{
"db": "PACKETSTORM",
"id": "109194"
},
{
"db": "PACKETSTORM",
"id": "107960"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-50407",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18366",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50407"
},
{
"db": "VULMON",
"id": "CVE-2011-2462"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-2462",
"trust": 4.7
},
{
"db": "USCERT",
"id": "TA11-350A",
"trust": 2.1
},
{
"db": "CERT/CC",
"id": "VU#759307",
"trust": 1.8
},
{
"db": "BID",
"id": "50922",
"trust": 1.0
},
{
"db": "USCERT",
"id": "TA15-119A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003287",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201112-061",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "18277",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "108558",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "18366",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "108359",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-72491",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-50407",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-2462",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109194",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107960",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#759307"
},
{
"db": "VULHUB",
"id": "VHN-50407"
},
{
"db": "VULMON",
"id": "CVE-2011-2462"
},
{
"db": "BID",
"id": "50922"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003287"
},
{
"db": "PACKETSTORM",
"id": "108558"
},
{
"db": "PACKETSTORM",
"id": "109194"
},
{
"db": "PACKETSTORM",
"id": "107960"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-061"
},
{
"db": "NVD",
"id": "CVE-2011-2462"
}
]
},
"id": "VAR-201112-0167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-50407"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:48:20.988000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSA11-04 Fujitsu Fujitsu \u00a0 Security information",
"trust": 0.8,
"url": "http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html"
},
{
"title": "Red Hat: Critical: acroread security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120011 - Security Advisory"
},
{
"title": "ExploitAnalysis",
"trust": 0.1,
"url": "https://github.com/quanyang/ExploitAnalysis "
},
{
"title": "pdf",
"trust": 0.1,
"url": "https://github.com/billytion/pdf "
},
{
"title": "peepdf",
"trust": 0.1,
"url": "https://github.com/jesparza/peepdf "
},
{
"title": "rop-collection",
"trust": 0.1,
"url": "https://github.com/season-lab/rop-collection "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2013/02/22/apt1_report_used_spear_phishing/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/kaspersky-security-bulletin-malware-evolution-2011/36494/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/attackers-reused-adobe-reader-exploit-code-2009-extremely-targeted-hacks-011112/76088/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/adobe-plans-critical-security-updates-reader-acrobat-next-week-010612/76071/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2011/12/17/adobe_reader_critical_update/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/adobe-warns-critical-zero-day-flaw-reader-and-acrobat-120611/75965/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-2462"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003287"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003287"
},
{
"db": "NVD",
"id": "CVE-2011-2462"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"trust": 2.0,
"url": "http://www.us-cert.gov/cas/techalerts/ta11-350a.html"
},
{
"trust": 1.6,
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"trust": 1.5,
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14562"
},
{
"trust": 1.2,
"url": "http://www.redhat.com/support/errata/rhsa-2012-0011.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/759307"
},
{
"trust": 0.8,
"url": "http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/download/en/details.aspx?id=1677"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx"
},
{
"trust": 0.8,
"url": "http://technet.microsoft.com/en-us/security/advisory/2639658"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu759307/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta11-350a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/ta/jvnta99041988/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2462"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ncas/alerts/ta15-119a"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20111208-adobe.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50922"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18277"
},
{
"trust": 0.3,
"url": "http://www.adobe.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2012:0011"
},
{
"trust": 0.1,
"url": "https://github.com/quanyang/exploitanalysis"
},
{
"trust": 0.1,
"url": "https://github.com/jesparza/peepdf"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/18366/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-4369.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4369"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0011.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-2462.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2432"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0605"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0600"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2434"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0565"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0596"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0603"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0595"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0588"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4091"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4369"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0562"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0596"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0588"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0585"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2441"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0598"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0562"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0602"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0593"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0592"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0590"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201201-19.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0585"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0565"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0606"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0594"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0592"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0599"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4091"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2437"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0606"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0594"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0605"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0591"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0593"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0602"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0598"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.adobe.com/support/security/bulletins/apsb11-30.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta11-350a.html\u003e"
},
{
"trust": 0.1,
"url": "https://www.adobe.com/support/security/advisories/apsa11-04.html\u003e"
},
{
"trust": 0.1,
"url": "http://kb2.adobe.com/cps/504/cpsid_50431.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/759307\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#759307"
},
{
"db": "VULHUB",
"id": "VHN-50407"
},
{
"db": "VULMON",
"id": "CVE-2011-2462"
},
{
"db": "BID",
"id": "50922"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003287"
},
{
"db": "PACKETSTORM",
"id": "108558"
},
{
"db": "PACKETSTORM",
"id": "109194"
},
{
"db": "PACKETSTORM",
"id": "107960"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-061"
},
{
"db": "NVD",
"id": "CVE-2011-2462"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#759307"
},
{
"db": "VULHUB",
"id": "VHN-50407"
},
{
"db": "VULMON",
"id": "CVE-2011-2462"
},
{
"db": "BID",
"id": "50922"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003287"
},
{
"db": "PACKETSTORM",
"id": "108558"
},
{
"db": "PACKETSTORM",
"id": "109194"
},
{
"db": "PACKETSTORM",
"id": "107960"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-061"
},
{
"db": "NVD",
"id": "CVE-2011-2462"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "CERT/CC",
"id": "VU#759307"
},
{
"date": "2011-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-50407"
},
{
"date": "2011-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2011-2462"
},
{
"date": "2011-12-06T00:00:00",
"db": "BID",
"id": "50922"
},
{
"date": "2011-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003287"
},
{
"date": "2012-01-11T07:30:45",
"db": "PACKETSTORM",
"id": "108558"
},
{
"date": "2012-01-31T00:07:37",
"db": "PACKETSTORM",
"id": "109194"
},
{
"date": "2011-12-17T00:27:48",
"db": "PACKETSTORM",
"id": "107960"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-061"
},
{
"date": "2011-12-07T19:55:01.673000",
"db": "NVD",
"id": "CVE-2011-2462"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "CERT/CC",
"id": "VU#759307"
},
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-50407"
},
{
"date": "2017-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2011-2462"
},
{
"date": "2015-03-19T09:16:00",
"db": "BID",
"id": "50922"
},
{
"date": "2024-07-05T02:02:00",
"db": "JVNDB",
"id": "JVNDB-2011-003287"
},
{
"date": "2011-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-061"
},
{
"date": "2024-11-21T01:28:19.950000",
"db": "NVD",
"id": "CVE-2011-2462"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "109194"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-061"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Acrobat and Reader U3D memory corruption vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#759307"
},
{
"db": "BID",
"id": "50922"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-061"
}
],
"trust": 0.6
}
}
gsd-2011-2462
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-2462",
"description": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
"id": "GSD-2011-2462",
"references": [
"https://www.suse.com/security/cve/CVE-2011-2462.html",
"https://access.redhat.com/errata/RHSA-2012:0011",
"https://packetstormsecurity.com/files/cve/CVE-2011-2462"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-2462"
],
"details": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
"id": "GSD-2011-2462",
"modified": "2023-12-13T01:19:07.405981Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-2462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa11-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"name": "RHSA-2012:0011",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0011.html"
},
{
"name": "SUSE-SU-2012:0086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"name": "oval:org.mitre.oval:def:14562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562"
},
{
"name": "TA11-350A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-350A.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-2462"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/advisories/apsa11-04.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"name": "SUSE-SU-2012:0086",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html"
},
{
"name": "RHSA-2012:0011",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0011.html"
},
{
"name": "openSUSE-SU-2012:0087",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html"
},
{
"name": "TA11-350A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-350A.html"
},
{
"name": "oval:org.mitre.oval:def:14562",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-09-19T01:33Z",
"publishedDate": "2011-12-07T19:55Z"
}
}
}
rhsa-2012:0011
Vulnerability from csaf_redhat
Published
2012-01-10 22:48
Modified
2025-09-26 03:12
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6
Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes two security flaws in Adobe Reader. These flaws are
detailed on the Adobe security page APSB11-30, listed in the References
section. A specially-crafted PDF file could cause Adobe Reader to crash or,
potentially, execute arbitrary code as the user running Adobe Reader when
opened. (CVE-2011-2462, CVE-2011-4369)
All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.4.7, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes two security flaws in Adobe Reader. These flaws are\ndetailed on the Adobe security page APSB11-30, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2011-2462, CVE-2011-4369)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.4.7, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:0011",
"url": "https://access.redhat.com/errata/RHSA-2012:0011"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"category": "external",
"summary": "760908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760908"
},
{
"category": "external",
"summary": "768517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=768517"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0011.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-09-26T03:12:17+00:00",
"generator": {
"date": "2025-09-26T03:12:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2012:0011",
"initial_release_date": "2012-01-10T22:48:00+00:00",
"revision_history": [
{
"date": "2012-01-10T22:48:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-01-10T22:55:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T03:12:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.4.7-1.el4.i386",
"product": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386",
"product_id": "acroread-plugin-0:9.4.7-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.4.7-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.4.7-1.el4.i386",
"product": {
"name": "acroread-0:9.4.7-1.el4.i386",
"product_id": "acroread-0:9.4.7-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.4.7-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.4.7-1.el5.i386",
"product": {
"name": "acroread-0:9.4.7-1.el5.i386",
"product_id": "acroread-0:9.4.7-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.4.7-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.4.7-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.4.7-1.el5.i386",
"product_id": "acroread-plugin-0:9.4.7-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.4.7-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:9.4.7-1.el6.i686",
"product": {
"name": "acroread-0:9.4.7-1.el6.i686",
"product_id": "acroread-0:9.4.7-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.4.7-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.4.7-1.el6.i686",
"product": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686",
"product_id": "acroread-plugin-0:9.4.7-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.4.7-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary:acroread-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary:acroread-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-2462",
"discovery_date": "2011-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "760908"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: U3D memory corruption vulnerability (APSB11-30)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2462"
},
{
"category": "external",
"summary": "RHBZ#760908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2011-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-01-10T22:48:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: U3D memory corruption vulnerability (APSB11-30)"
},
{
"cve": "CVE-2011-4369",
"discovery_date": "2011-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "768517"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: unspecified vulnerability in PRC component (APSB11-30)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-4369"
},
{
"category": "external",
"summary": "RHBZ#768517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=768517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-4369",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4369"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4369",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4369"
}
],
"release_date": "2011-12-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-01-10T22:48:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: unspecified vulnerability in PRC component (APSB11-30)"
}
]
}
RHSA-2012:0011
Vulnerability from csaf_redhat
Published
2012-01-10 22:48
Modified
2025-09-26 03:12
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6
Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes two security flaws in Adobe Reader. These flaws are
detailed on the Adobe security page APSB11-30, listed in the References
section. A specially-crafted PDF file could cause Adobe Reader to crash or,
potentially, execute arbitrary code as the user running Adobe Reader when
opened. (CVE-2011-2462, CVE-2011-4369)
All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.4.7, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes two security flaws in Adobe Reader. These flaws are\ndetailed on the Adobe security page APSB11-30, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2011-2462, CVE-2011-4369)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.4.7, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:0011",
"url": "https://access.redhat.com/errata/RHSA-2012:0011"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"category": "external",
"summary": "760908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760908"
},
{
"category": "external",
"summary": "768517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=768517"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0011.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-09-26T03:12:17+00:00",
"generator": {
"date": "2025-09-26T03:12:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2012:0011",
"initial_release_date": "2012-01-10T22:48:00+00:00",
"revision_history": [
{
"date": "2012-01-10T22:48:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-01-10T22:55:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T03:12:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.4.7-1.el4.i386",
"product": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386",
"product_id": "acroread-plugin-0:9.4.7-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.4.7-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.4.7-1.el4.i386",
"product": {
"name": "acroread-0:9.4.7-1.el4.i386",
"product_id": "acroread-0:9.4.7-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.4.7-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.4.7-1.el5.i386",
"product": {
"name": "acroread-0:9.4.7-1.el5.i386",
"product_id": "acroread-0:9.4.7-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.4.7-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.4.7-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.4.7-1.el5.i386",
"product_id": "acroread-plugin-0:9.4.7-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.4.7-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:9.4.7-1.el6.i686",
"product": {
"name": "acroread-0:9.4.7-1.el6.i686",
"product_id": "acroread-0:9.4.7-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.4.7-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.4.7-1.el6.i686",
"product": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686",
"product_id": "acroread-plugin-0:9.4.7-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.4.7-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary:acroread-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary:acroread-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-2462",
"discovery_date": "2011-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "760908"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: U3D memory corruption vulnerability (APSB11-30)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2462"
},
{
"category": "external",
"summary": "RHBZ#760908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2011-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-01-10T22:48:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: U3D memory corruption vulnerability (APSB11-30)"
},
{
"cve": "CVE-2011-4369",
"discovery_date": "2011-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "768517"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: unspecified vulnerability in PRC component (APSB11-30)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-4369"
},
{
"category": "external",
"summary": "RHBZ#768517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=768517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-4369",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4369"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4369",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4369"
}
],
"release_date": "2011-12-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-01-10T22:48:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: unspecified vulnerability in PRC component (APSB11-30)"
}
]
}
rhsa-2012_0011
Vulnerability from csaf_redhat
Published
2012-01-10 22:48
Modified
2024-11-14 11:30
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6
Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes two security flaws in Adobe Reader. These flaws are
detailed on the Adobe security page APSB11-30, listed in the References
section. A specially-crafted PDF file could cause Adobe Reader to crash or,
potentially, execute arbitrary code as the user running Adobe Reader when
opened. (CVE-2011-2462, CVE-2011-4369)
All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.4.7, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes two security flaws in Adobe Reader. These flaws are\ndetailed on the Adobe security page APSB11-30, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2011-2462, CVE-2011-4369)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.4.7, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:0011",
"url": "https://access.redhat.com/errata/RHSA-2012:0011"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"category": "external",
"summary": "760908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760908"
},
{
"category": "external",
"summary": "768517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=768517"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0011.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2024-11-14T11:30:10+00:00",
"generator": {
"date": "2024-11-14T11:30:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2012:0011",
"initial_release_date": "2012-01-10T22:48:00+00:00",
"revision_history": [
{
"date": "2012-01-10T22:48:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-01-10T22:55:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T11:30:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.4.7-1.el4.i386",
"product": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386",
"product_id": "acroread-plugin-0:9.4.7-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.4.7-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.4.7-1.el4.i386",
"product": {
"name": "acroread-0:9.4.7-1.el4.i386",
"product_id": "acroread-0:9.4.7-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.4.7-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.4.7-1.el5.i386",
"product": {
"name": "acroread-0:9.4.7-1.el5.i386",
"product_id": "acroread-0:9.4.7-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.4.7-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.4.7-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.4.7-1.el5.i386",
"product_id": "acroread-plugin-0:9.4.7-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.4.7-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:9.4.7-1.el6.i686",
"product": {
"name": "acroread-0:9.4.7-1.el6.i686",
"product_id": "acroread-0:9.4.7-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.4.7-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:9.4.7-1.el6.i686",
"product": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686",
"product_id": "acroread-plugin-0:9.4.7-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.4.7-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary:acroread-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary:acroread-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.4.7-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
},
"product_reference": "acroread-plugin-0:9.4.7-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-2462",
"discovery_date": "2011-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "760908"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: U3D memory corruption vulnerability (APSB11-30)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-2462"
},
{
"category": "external",
"summary": "RHBZ#760908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2462"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2011-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-01-10T22:48:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: U3D memory corruption vulnerability (APSB11-30)"
},
{
"cve": "CVE-2011-4369",
"discovery_date": "2011-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "768517"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: unspecified vulnerability in PRC component (APSB11-30)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-4369"
},
{
"category": "external",
"summary": "RHBZ#768517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=768517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-4369",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4369"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4369",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4369"
}
],
"release_date": "2011-12-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-01-10T22:48:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.4.7-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-0:9.4.7-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-0:9.4.7-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-0:9.4.7-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.4.7-1.el4.i386",
"5Client-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-0:9.4.7-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.4.7-1.el5.i386",
"6Client-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Client-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Server-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-0:9.4.7-1.el6.i686",
"6Workstation-Supplementary:acroread-plugin-0:9.4.7-1.el6.i686"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: unspecified vulnerability in PRC component (APSB11-30)"
}
]
}
fkie_cve-2011-2462
Vulnerability from fkie_nvd
Published
2011-12-07 19:55
Modified
2025-10-22 01:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@adobe.com | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html | Broken Link | |
| psirt@adobe.com | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html | Broken Link | |
| psirt@adobe.com | http://www.adobe.com/support/security/advisories/apsa11-04.html | Vendor Advisory | |
| psirt@adobe.com | http://www.adobe.com/support/security/bulletins/apsb11-30.html | Not Applicable | |
| psirt@adobe.com | http://www.adobe.com/support/security/bulletins/apsb12-01.html | Not Applicable | |
| psirt@adobe.com | http://www.redhat.com/support/errata/RHSA-2012-0011.html | Broken Link | |
| psirt@adobe.com | http://www.us-cert.gov/cas/techalerts/TA11-350A.html | Third Party Advisory, US Government Resource | |
| psirt@adobe.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/advisories/apsa11-04.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/bulletins/apsb11-30.html | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/bulletins/apsb12-01.html | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2012-0011.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-350A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562 | Broken Link | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462 |
Impacted products
{
"cisaActionDue": "2022-06-22",
"cisaExploitAdd": "2022-06-08",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70868B3-F3C5-4DC0-9013-78E77F424109",
"versionEndIncluding": "10.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D60103-B447-48D2-9B52-81DEA719CEBE",
"versionEndIncluding": "10.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0142C12E-A8F0-4E88-AECE-88F068E5E874",
"versionEndIncluding": "9.4.6",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente de U3D en Adobe Reader y Acrobat v10.1.1 y versiones anteriores para Windows y Mac OS X, y Adobe Reader v9.x hasta v9.4.6 en UNIX, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de vectores desconocidos, explotado \"in the wild\" en diciembre de 2011."
}
],
"id": "CVE-2011-2462",
"lastModified": "2025-10-22T01:15:41.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2011-12-07T19:55:01.673",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Not Applicable"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Not Applicable"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0011.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-350A.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-350A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CERTA-2011-AVI-705
Vulnerability from certfr_avis
Des vulnérabilités dans Adobe Acrobat et Adobe Reader permettent à un utilisateur malveillant l'exécution de code arbitraire à distance.
Description
Des vulnérabilités affectent les composants en relation avec les fonctions de 3D des lecteurs PDF Adobe Reader et Acrobat Reader. Un attaquant peut les exploiter pour exécuter du code arbitraire sur le système d'un utilisateur qui ouvrirait un fichier au format PDF spécialement construit.
Solution
La version 9.4.7 de chacun des logiciels Adobe Acrobat et Adobe Reader corrige le problème.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader | Adobe Acrobat 9.4.6 et versions 9.x antérieures pour systèmes Windows et Macintosh. | ||
| Adobe | Acrobat Reader | Adobe Reader 9.4.6 et versions 9.x antérieures pour systèmes Windows, Macintosh et UNIX ; | ||
| Adobe | Acrobat Reader | Adobe Acrobat X (10.1.1) et versions 10.x antérieures pour systèmes Windows et Macintosh ; | ||
| Adobe | Acrobat Reader | Adobe Reader X (10.1.1) et versions 10.x antérieures pour systèmes Windows et Macintosh ; |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Acrobat 9.4.6 et versions 9.x ant\u00e9rieures pour syst\u00e8mes Windows et Macintosh.",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader 9.4.6 et versions 9.x ant\u00e9rieures pour syst\u00e8mes Windows, Macintosh et UNIX ;",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat X (10.1.1) et versions 10.x ant\u00e9rieures pour syst\u00e8mes Windows et Macintosh ;",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader X (10.1.1) et versions 10.x ant\u00e9rieures pour syst\u00e8mes Windows et Macintosh ;",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s affectent les composants en relation avec les\nfonctions de 3D des lecteurs PDF Adobe Reader et Acrobat Reader. Un\nattaquant peut les exploiter pour ex\u00e9cuter du code arbitraire sur le\nsyst\u00e8me d\u0027un utilisateur qui ouvrirait un fichier au format PDF\nsp\u00e9cialement construit.\n\n## Solution\n\nLa version 9.4.7 de chacun des logiciels Adobe Acrobat et Adobe Reader\ncorrige le probl\u00e8me.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2462"
},
{
"name": "CVE-2011-4369",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4369"
}
],
"initial_release_date": "2011-12-19T00:00:00",
"last_revision_date": "2011-12-19T00:00:00",
"links": [
{
"title": "Bulletin d\u0027alerte Adobe apsa11-04 du 16 d\u00e9cembre 2011 :",
"url": "http://www.adobe.com/support/security/advisories/apsa11-04.html"
},
{
"title": "Document du CERTA CERTA-2011-ALE-008 du 19 d\u00e9cembre 2011 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-ALE-008/index.html"
}
],
"reference": "CERTA-2011-AVI-705",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Des vuln\u00e9rabilit\u00e9s dans Adobe Acrobat et Adobe Reader permettent \u00e0 un\nutilisateur malveillant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Adobe Reader et Acrobat Reader",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb11-30 du 16 d\u00e9cembre 2011",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-30.html"
}
]
}
CERTA-2012-AVI-014
Vulnerability from certfr_avis
Plusieurs vulnérabilités dans Adobe Reader et Adobe Acrobat permettent l'exécution de code arbitraire à distance.
Description
Plusieurs vulnérabilités affectent les composants en relation avec les fonctions 3D des logiciels Adobe Reader et Adobe Acrobat. Un attaquant peut exécuter du code arbitraire à distance sur le système de la victime par le biais d'un fichier spécialement conçu qui serait ouvert en utilisant un de ces logiciels.
Solution
Les versions 9.5 et 10.1.2 de ces logiciels corrigent le problème.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Adobe Reader 9.4.6 et antérieures pour systèmes Macintosh ; | ||
| Adobe | Acrobat | Adobe Reader X (10.1.1) et antérieures pour systèmes Windows et Macintosh ; | ||
| Adobe | Acrobat | Adobe Acrobat 9.4.7 et antérieures pour systèmes Windows ; | ||
| Adobe | Acrobat | Adobe Reader 9.4.7 et antérieures pour systèmes Windows ; | ||
| Adobe | Acrobat | Adobe Acrobat X (10.1.1) et antérieures pour systèmes Windows et Macintosh ; | ||
| Adobe | Acrobat | Adobe Acrobat 9.4.6 et antérieures pour systèmes Macintosh. |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader 9.4.6 et ant\u00e9rieures pour syst\u00e8mes Macintosh ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader X (10.1.1) et ant\u00e9rieures pour syst\u00e8mes Windows et Macintosh ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat 9.4.7 et ant\u00e9rieures pour syst\u00e8mes Windows ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader 9.4.7 et ant\u00e9rieures pour syst\u00e8mes Windows ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat X (10.1.1) et ant\u00e9rieures pour syst\u00e8mes Windows et Macintosh ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat 9.4.6 et ant\u00e9rieures pour syst\u00e8mes Macintosh.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent les composants en relation avec les\nfonctions 3D des logiciels Adobe Reader et Adobe Acrobat. Un attaquant\npeut ex\u00e9cuter du code arbitraire \u00e0 distance sur le syst\u00e8me de la victime\npar le biais d\u0027un fichier sp\u00e9cialement con\u00e7u qui serait ouvert en\nutilisant un de ces logiciels.\n\n## Solution\n\nLes versions 9.5 et 10.1.2 de ces logiciels corrigent le probl\u00e8me.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4372",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4372"
},
{
"name": "CVE-2011-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4373"
},
{
"name": "CVE-2011-4371",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4371"
},
{
"name": "CVE-2011-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2462"
},
{
"name": "CVE-2011-4369",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4369"
},
{
"name": "CVE-2011-4370",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4370"
}
],
"initial_release_date": "2012-01-11T00:00:00",
"last_revision_date": "2012-01-11T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-014",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Adobe Reader et Adobe Acrobat permettent\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Adobe Reader et Adobe Acrobat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB12-01 du 10 janvier 2012",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…