CVE-2011-0606Buffer Access with Incorrect Length Value in Adobe Acrobat

CWE-805Buffer Access with Incorrect Length ValueCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents6 sources
Severity
9.3CRITICALNVD
EPSS
15.8%
top 5.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedFeb 10
Latest updateMay 14

Description

Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a crafted length value, a different vulnerability than CVE-2011-0563 and CVE-2011-0589.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader27 versions+26
NVDadobe/acrobat28 versions+27

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

3
GHSA
GHSA-9rx7-vx78-rj38: Adobe Reader and Acrobat 102022-05-14
GHSA
GHSA-jjp3-m764-2w7x: Adobe Reader and Acrobat 102022-05-14
GHSA
GHSA-7c5f-8pwv-5983: Stack-based buffer overflow in rt3d2022-05-14

💥Exploits & PoCs

1
Exploit-DB
HP Data Protector 6.20 - EXEC_CMD Buffer Overflow2011-06-30

📋Vendor Advisories

3
Red Hat
acroread: critical APSB11-032011-02-08
Red Hat
acroread: critical APSB11-032011-02-08
Red Hat
acroread: critical APSB11-032011-02-08

📐Framework References

1
CWE
Buffer Access with Incorrect Length Value

💬Community

1
Bugzilla
CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acro2011-02-08
CVE-2011-0606 — Adobe Acrobat vulnerability | cvebase