CVE-2011-0592Improper Input Validation in Adobe Acrobat

CWE-20Improper Input Validation19 documents4 sources
Severity
9.3CRITICALNVD
EPSS
4.4%
top 10.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedFeb 10
Latest updateMay 14

Description

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader27 versions+26
NVDadobe/acrobat28 versions+27

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

6
GHSA
GHSA-vmqj-vh6g-cjq3: Adobe Reader and Acrobat 102022-05-14
GHSA
GHSA-39c8-3fh7-57wr: The U3D component in Adobe Reader and Acrobat 102022-05-14
GHSA
GHSA-cj48-gr7g-jvm7: Adobe Reader and Acrobat 102022-05-14
GHSA
GHSA-g2g7-mp7p-qwgx: Adobe Reader and Acrobat 102022-05-14
GHSA
GHSA-phmp-vmqj-g6v8: Adobe Reader and Acrobat 102022-05-14

📋Vendor Advisories

6
Red Hat
acroread: critical APSB11-032011-02-08
Red Hat
acroread: critical APSB11-032011-02-08
Red Hat
acroread: critical APSB11-032011-02-08
Red Hat
acroread: critical APSB11-032011-02-08
Red Hat
acroread: critical APSB11-032011-02-08

💬Community

1
Bugzilla
CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acro2011-02-08
CVE-2011-0592 — Improper Input Validation in Adobe | cvebase