Cyber Resilience

CVE-2011-2462

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 07 December 2011

Modified: 21 April 2026
KEV Added: 08 June 2022
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9160 (99.7th percentile)
Risk Priority: 95 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2011-2462 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Adobe Acrobat Reader. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

The vulnerability CVE-2011-2462 is an unspecified flaw in the U3D component of Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, as well as Adobe Reader 9.x through 9.4.6 on UNIX. It is associated with CWE-787 and results in memory corruption, reflected in its CVSS 3.1 score of 9.8.

Remote attackers can exploit the issue via unknown vectors to execute arbitrary code or cause a denial of service. The vulnerability was exploited in the wild in December 2011.

Adobe security advisories APSA11-04, APSB11-30, and APSB12-01, along with corresponding openSUSE updates, address the flaw through vendor-supplied patches for the affected Reader and Acrobat releases. Organizations are advised to apply these updates promptly to eliminate exposure.

EU & UK References

Vulnerability details

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

CWE(s)
KEV Date Added: 08 June 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

adobe acrobat: ≤ 10.1.1
adobe acrobat reader: ≤ 10.1.1 · 9.0 — 9.4.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires timely installation of vendor patches that remediate the U3D memory-corruption flaw in Adobe Reader/Acrobat.

Prevent: Requires integrity verification of software/firmware to ensure only patched, untampered Adobe binaries are executed.

Detect: Mandates scanning to discover unpatched instances of Adobe Reader/Acrobat vulnerable to CVE-2011-2462.

References