CVE-2011-2462

critical

Description

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

References

http://www.us-cert.gov/cas/techalerts/TA11-350A.html

https://blogs.cisco.com/security/talos/opening-zxshell

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-2462

https://github.com/cisagov/vulnrichment/issues/199

http://www.adobe.com/support/security/bulletins/apsb12-01.html

http://www.adobe.com/support/security/bulletins/apsb11-30.html

http://www.adobe.com/support/security/advisories/apsa11-04.html

Details

Source: Mitre, NVD

Published: 2011-12-07

Updated: 2025-11-22

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.92193