Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:A349338637A1691CF3A26B6961567E5F
HistoryDec 21, 2011 - 12:00 a.m.

Adobe Reader U3D Heap Overflow

2011-12-2100:00:00
SAINT Corporation
download.saintcorporation.com
20

0.97 High

EPSS

Percentile

99.8%

JSON

Added: 12/21/2011
CVE: CVE-2011-2462
BID: 50922
OSVDB: 77529

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files. This vulnerability is unrelated to CVE-2009-2997.

Resolution

Apply one of the security patches referenced in Adobe Security Bulletin ASPA11-04.

References

<http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html&gt;

Limitations

This exploit has been tested against Adobe Systems Reader 9.4.6 on Windows XP SP3 English (DEP OptIn). While our testing suggests that reliable exploitation is likely, due the volatile nature of heap locations, this exploit may not be 100% reliable and may occasionally cause Reader to crash without executing the payload.

Platforms

Windows

Related

saint 7
ubuntucve 2
prion 2
cvelist 2
metasploit 1
seebug 3
cve 2
checkpoint_advisories 1
attackerkb 1
packetstorm 1
thn 1
canvas 1
threatpost 4
cisa_kev 1
cert 1
exploitdb 1
nessus 26
securityvulns 5
openvas 17
redhat 2
suse 3
freebsd 1
gentoo 2
saint
saint
Adobe Reader U3D Heap Overflow
2011-12-21 00:00:00
Adobe Reader U3D Heap Overflow
2011-12-21 00:00:00
Adobe Reader U3D Heap Overflow
2011-12-21 00:00:00
ubuntucve
ubuntucve
CVE-2009-2997
2009-10-19 00:00:00
CVE-2011-2462
2011-12-07 00:00:00
prion
prion
Heap overflow
2009-10-19 22:30:00
Memory corruption
2011-12-07 19:55:00
cvelist
cvelist
CVE-2011-2462
2011-12-07 19:00:00
CVE-2009-2997
2009-10-19 22:00:00
metasploit
metasploit
Adobe Reader U3D Memory Corruption Vulnerability
2012-01-04 09:49:49
seebug
seebug
Adobe Reader U3Dๆ•ฐๆฎๅค„็†ไปฃ็ ๆ‰ง่กŒๆผๆดž
2011-12-08 00:00:00
Adobe Reader U3D Memory Corruption Vulnerability
2014-07-01 00:00:00
Adobe Reader: Multiple vulnerabilities
2009-10-27 00:00:00
cve
cve
CVE-2011-2462
2011-12-07 19:55:00
CVE-2009-2997
2009-10-19 22:30:00
checkpoint_advisories
checkpoint_advisories
Adobe Reader and Acrobat U3D Shading Modifier Memory Corruption (APSA11-04; CVE-2011-2462)
2011-12-07 00:00:00
attackerkb
attackerkb
CVE-2011-2462
2011-12-07 00:00:00
packetstorm
packetstorm
Adobe Reader U3D Memory Corruption
2012-01-04 00:00:00
thn
thn
Critical Zero-day Vulnerability in Adobe Reader
2011-12-08 03:38:00
canvas
canvas
Immunity Canvas: PDF_U3D
2011-12-07 19:55:00
threatpost
threatpost
Adobe Warns of Critical Zero-Day Flaw in Reader and Acrobat
2011-12-06 19:30:06
Attackers Using Known Trojan in Exploits on Adobe Zero Day
2011-12-08 13:07:31
Adobe Plans Critical Security Updates for Reader, Acrobat Next Week
2012-01-06 19:26:09
cisa_kev
cisa_kev
Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability
2022-06-08 00:00:00
cert
cert
Adobe Acrobat and Reader U3D memory corruption vulnerability
2011-12-08 00:00:00
exploitdb
exploitdb
Adobe Reader - U3D Memory Corruption (Metasploit)
2012-01-14 00:00:00
nessus
nessus
RHEL 5 / 6 : acroread (RHSA-2012:0011)
2012-01-11 00:00:00
SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 5649)
2012-01-18 00:00:00
Adobe Reader < 9.4.7 Multiple Memory Corruption Vulnerabilities (APSB11-30)
2011-12-07 00:00:00
securityvulns
securityvulns
Adobe Acrobat / Reader multiple security vulnerabilities
2011-12-19 00:00:00
VUPEN Security - Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities
2009-10-17 00:00:00
Adobe Acrobat / Reader multiple security vulnerabilities
2012-02-13 00:00:00
openvas
openvas
SuSE Update for acroread openSUSE-SU-2012:0087-1 (acroread)
2012-08-02 00:00:00
openSUSE: Security Advisory for acroread (openSUSE-SU-2012:0087-1)
2012-08-02 00:00:00
Adobe Reader/Acrobat 'U3D' Component Memory Corruption Vulnerability (APSA11-04, APSB11-30) - Windows
2011-12-09 00:00:00
redhat
redhat
(RHSA-2012:0011) Critical: acroread security update
2012-01-10 00:00:00
(RHSA-2009:1499) Critical: acroread security update
2009-10-14 00:00:00
suse
suse
Security update for Acrobat Reader (important)
2012-01-17 17:08:27
acroread (important)
2012-01-17 18:08:26
remote code execution in acroread, acroread_ja
2009-10-26 13:17:31
freebsd
freebsd
acroread9 -- Multiple Vulnerabilities
2011-12-07 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2009-10-25 00:00:00
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00

0.97 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:A349338637A1691CF3A26B6961567E5F
saint7ubuntucve2prion2cvelist2metasploit1seebug3cve2checkpoint_advisories1attackerkb1packetstorm1thn1canvas1threatpost4cisa_kev1cert1exploitdb1nessus26securityvulns5openvas17redhat2suse3freebsd1gentoo2