Critical severity9.8CISA KEVNVD Advisory· Published Dec 7, 2011· Updated Apr 21, 2026

CVE-2011-2462

Description

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Affected products

Adobe Inc./Acrobat
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Range: <=10.1.1
Adobe Inc./Acrobat Reader
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Range: <=10.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.adobe.com/support/security/advisories/apsa11-04.htmlnvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA11-350A.htmlnvdThird Party AdvisoryUS Government Resource
lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.htmlnvdBroken Link
www.adobe.com/support/security/bulletins/apsb11-30.htmlnvdNot Applicable
www.adobe.com/support/security/bulletins/apsb12-01.htmlnvdNot Applicable
www.redhat.com/support/errata/RHSA-2012-0011.htmlnvdBroken Link
github.com/cisagov/vulnrichment/issues/199nvdIssue Tracking
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.073
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000