Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:94FC39F3167AF8AC0E00090201EF5A3F
HistoryDec 21, 2011 - 12:00 a.m.

Adobe Reader U3D Heap Overflow

2011-12-2100:00:00
SAINT Corporation
www.saintcorporation.com
32

0.972 High

EPSS

Percentile

99.8%

JSON

Added: 12/21/2011
CVE: CVE-2011-2462
BID: 50922
OSVDB: 77529

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files. This vulnerability is unrelated to CVE-2009-2997.

Resolution

Apply one of the security patches referenced in Adobe Security Bulletin ASPA11-04.

References

<http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html&gt;

Limitations

This exploit has been tested against Adobe Systems Reader 9.4.6 on Windows XP SP3 English (DEP OptIn). While our testing suggests that reliable exploitation is likely, due the volatile nature of heap locations, this exploit may not be 100% reliable and may occasionally cause Reader to crash without executing the payload.

Platforms

Windows

Related

saint 7
ubuntucve 2
prion 2
seebug 3
metasploit 1
cve 2
checkpoint_advisories 1
attackerkb 1
threatpost 4
cisa_kev 1
cert 1
thn 1
packetstorm 1
canvas 1
exploitdb 1
nessus 26
securityvulns 5
openvas 17
suse 3
redhat 2
freebsd 1
gentoo 2
saint
saint
Adobe Reader U3D Heap Overflow
2011-12-21 00:00:00
Adobe Reader U3D Heap Overflow
2011-12-21 00:00:00
Adobe Reader U3D Heap Overflow
2011-12-21 00:00:00
ubuntucve
ubuntucve
CVE-2009-2997
2009-10-19 00:00:00
CVE-2011-2462
2011-12-07 00:00:00
prion
prion
Heap overflow
2009-10-19 22:30:00
Memory corruption
2011-12-07 19:55:00
seebug
seebug
Adobe Reader U3Dๆ•ฐๆฎๅค„็†ไปฃ็ ๆ‰ง่กŒๆผๆดž
2011-12-08 00:00:00
Adobe Reader U3D Memory Corruption Vulnerability
2014-07-01 00:00:00
Adobe Reader: Multiple vulnerabilities
2009-10-27 00:00:00
metasploit
metasploit
Adobe Reader U3D Memory Corruption Vulnerability
2012-01-04 09:49:49
cve
cve
CVE-2011-2462
2011-12-07 19:55:00
CVE-2009-2997
2009-10-19 22:30:00
checkpoint_advisories
checkpoint_advisories
Adobe Reader and Acrobat U3D Shading Modifier Memory Corruption (APSA11-04; CVE-2011-2462)
2011-12-07 00:00:00
attackerkb
attackerkb
CVE-2011-2462
2011-12-07 00:00:00
threatpost
threatpost
Attackers Using Known Trojan in Exploits on Adobe Zero Day
2011-12-08 13:07:31
Adobe Warns of Critical Zero-Day Flaw in Reader and Acrobat
2011-12-06 19:30:06
Adobe Plans Critical Security Updates for Reader, Acrobat Next Week
2012-01-06 19:26:09
cisa_kev
cisa_kev
Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability
2022-06-08 00:00:00
cert
cert
Adobe Acrobat and Reader U3D memory corruption vulnerability
2011-12-08 00:00:00
thn
thn
Critical Zero-day Vulnerability in Adobe Reader
2011-12-08 03:38:00
packetstorm
packetstorm
Adobe Reader U3D Memory Corruption
2012-01-04 00:00:00
canvas
canvas
Immunity Canvas: PDF_U3D
2011-12-07 19:55:00
exploitdb
exploitdb
Adobe Reader - U3D Memory Corruption (Metasploit)
2012-01-14 00:00:00
nessus
nessus
RHEL 5 / 6 : acroread (RHSA-2012:0011)
2012-01-11 00:00:00
SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 5649)
2012-01-18 00:00:00
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7924)
2012-01-18 00:00:00
securityvulns
securityvulns
Adobe Acrobat / Reader multiple security vulnerabilities
2011-12-19 00:00:00
VUPEN Security - Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities
2009-10-17 00:00:00
Adobe Acrobat / Reader multiple security vulnerabilities
2012-02-13 00:00:00
openvas
openvas
SuSE Update for acroread openSUSE-SU-2012:0087-1 (acroread)
2012-08-02 00:00:00
Adobe Reader 'U3D' Component Memory Corruption Vulnerability - Linux
2011-12-09 00:00:00
openSUSE: Security Advisory for acroread (openSUSE-SU-2012:0087-1)
2012-08-02 00:00:00
suse
suse
acroread (important)
2012-01-17 18:08:26
Security update for Acrobat Reader (important)
2012-01-17 17:08:27
remote code execution in acroread, acroread_ja
2009-10-26 13:17:31
redhat
redhat
(RHSA-2012:0011) Critical: acroread security update
2012-01-10 00:00:00
(RHSA-2009:1499) Critical: acroread security update
2009-10-14 00:00:00
freebsd
freebsd
acroread9 -- Multiple Vulnerabilities
2011-12-07 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2009-10-25 00:00:00
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00

0.972 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:94FC39F3167AF8AC0E00090201EF5A3F
saint7ubuntucve2prion2seebug3metasploit1cve2checkpoint_advisories1attackerkb1threatpost4cisa_kev1cert1thn1packetstorm1canvas1exploitdb1nessus26securityvulns5openvas17suse3redhat2freebsd1gentoo2