CVE-2011-2462 - Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability

Adobe | Acrobat and Reader

• Date Added:
• 2022-06-08

• Due Date:
• 2022-06-22

Vulnerability Name

Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability

Description

The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2011-2462

Top Security News

Critical RCE bug in Microsoft Outlook now exploited in attacks

Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

Magecart Attackers Abuse Google Ad Tool to Steal Data

FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Newspaper Giant Lee Enterprises Reels From Cyberattack

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Latest CVE List

CVE-2024-57727 SimpleHelp Path Traversal Vulnerability

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability

CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability

CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

CVE-2022-23748 Dante Discovery Process Control Vulnerability

Common CWEs

MediumCWE-190 Integer Overflow or Wraparound

CWE-544 Missing Standardized Error Handling Mechanism

CWE-286 Incorrect User Management

CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key

HighCWE-378 Creation of Temporary File With Insecure Permissions

CWE-455 Non-exit on Failed Initialization

CWE-261 Weak Encoding for Password

CWE-50 Path Equivalence: '//multiple/leading/slash'

CWE-668 Exposure of Resource to Wrong Sphere

CWE-796 Only Filtering Special Elements Relative to a Marker