VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 10, 2011· Updated Apr 29, 2026

CVE-2011-0587

CVE-2011-0587

Description

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, affecting versions before 10.0.1, 9.4.2, and 8.2.6 on Windows and Mac OS X.

Vulnerability

Adobe Reader and Acrobat versions 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X are affected by a cross-site scripting (XSS) vulnerability. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, as described in the CVE entry [1].

Exploitation

An attacker can exploit this vulnerability by delivering a specially crafted input (e.g., a malicious PDF or web page) to a victim. The victim must open the content using an affected version of Adobe Reader or Acrobat. The exact attack vectors are not detailed, but the vulnerability is remotely exploitable without authentication.

Impact

Successful exploitation enables the attacker to execute arbitrary web script or HTML in the context of the victim's session, potentially leading to information disclosure, session hijacking, or other client-side attacks.

Mitigation

Adobe released security updates addressing this vulnerability in versions 10.0.1, 9.4.2, and 8.2.6 and later for Windows and Mac OS X. Users should upgrade to these or later versions. The Red Hat security advisory [1] provides additional guidance for Linux distributions that bundle affected versions. No workarounds are documented in the available references.

References
  1. Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

57
  • Adobe Inc./Acrobat29 versions
    cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*
    • (no CPE)range: <10.0.1, <9.4.2, <8.2.6
  • Adobe Inc./Acrobat Reader27 versions
    cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*
  • Adobe Inc./Readerllm-fuzzy
    Range: <10.0.1, <9.4.2, <8.2.6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.