CVE-2011-2101 — Code Injection in Adobe Acrobat

CWE-94 — Code Injection5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

14.5%

top 5.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Nova Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedJun 16

Latest updateMay 17

Description

Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDadobe/acrobat_reader35 versions+34

▶NVDadobe/acrobat36 versions+35

▶PyPIopenstack/nova< 12.0.0a0

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-rq58-343g-rcp4: Adobe Reader and Acrobat 8↗2022-05-17

▶

GHSA

Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules↗2022-05-17

▶

📋Vendor Advisories

Red Hat

acroread: multiple code execution flaws (APSB11-16)↗2011-06-14

▶

💬Community

Bugzilla

acroread: multiple code execution flaws (APSB11-16)↗2011-07-12

▶