VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 10, 2011· Updated Apr 29, 2026

CVE-2011-0604

CVE-2011-0604

Description

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Reader/Acrobat before 10.0.1, 9.4.2, 8.2.6 on Windows/Mac OS X have an XSS vulnerability allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability

Adobe Reader and Acrobat versions 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X contain a cross-site scripting (XSS) vulnerability. The issue arises from unspecified vectors that allow injection of arbitrary web script or HTML. This vulnerability is distinct from CVE-2011-0587 [1][2][3].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious PDF document that, when opened in a vulnerable version of Adobe Reader or Acrobat, triggers the XSS. The attack does not require authentication and can be delivered via email, web download, or other means. The user must open the malicious PDF for the exploit to succeed.

Impact

Successful exploitation allows the attacker to execute arbitrary web script or HTML in the context of the user's browser or the PDF viewer's plugin. This could lead to data theft, session hijacking, or other malicious actions depending on the user's environment.

Mitigation

Adobe has released fixed versions: 10.0.1, 9.4.2, and 8.2.6. Users should update to these versions or later. Red Hat issued advisory RHSA-2011-0301 [1], and other vendors have also provided advisories [2][3]. No workaround is available; updating is the recommended mitigation.

References
  1. Support
  2. VUPEN Security Advisories // Your IP is banned !
  3. About Secunia Research | Flexera

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

57
  • Adobe Inc./Acrobat29 versions
    cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*
    • (no CPE)range: <10.0.1, <9.4.2, <8.2.6
  • Adobe Inc./Acrobat Reader27 versions
    cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*
  • Adobe Inc./Readerllm-fuzzy
    Range: <10.0.1, <9.4.2, <8.2.6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.