CVE-2011-4369
published 2011-12-16

CVE-2011-4369: Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X…

Priority: P273
Severity: critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 7.61% (93.8th percentile)
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Affected

48 ranges· showing 25
VendorProductVersion rangeFixed in
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat
adobeacrobat_reader

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the PRC (Product Representation Compact) component of Adobe Reader/Acrobat; inspect PDF files containing PRC/3D content for exploitation attempts targeting memory corruption
  • This vulnerability was actively exploited in the wild in December 2011; prioritize detection of suspicious PDF activity from that period and monitor for exploitation of Adobe Reader/Acrobat processes
  • Vulnerability details are unspecified ('unknown vectors'); no concrete attack payload, file hash, or network indicator was publicly disclosed, limiting signature-based detection
  • Patch for Adobe Reader 9.x on UNIX was delayed; systems running that platform remained unpatched beyond the initial advisory date

CVSS provenance

nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck | 10.0 | CRITICAL
vendor_redhat | 10.0 | CRITICAL