{"cve":{"cve_id":"CVE-2011-2462","is_kev":true,"kev_date_added":"2022-06-08","kev_vendor_project":"Adobe","kev_product":"Reader and Acrobat","kev_vulnerability_name":"Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability","kev_short_description":"The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-06-22","kev_known_ransomware":false,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2011-2462","kev_cwes":["CWE-787"],"epss_score":0.86123,"epss_percentile":0.99701,"epss_as_of":"2026-06-23","description":"Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.","published_at":"2011-12-07T19:00:00Z","last_modified_at":"2026-06-16T23:31:23.203000Z","cvss_v3_score":8.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-787"],"nvd_references":["http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html","http://www.adobe.com/support/security/bulletins/apsb12-01.html","http://www.adobe.com/support/security/advisories/apsa11-04.html","http://www.redhat.com/support/errata/RHSA-2012-0011.html","http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html","http://www.adobe.com/support/security/bulletins/apsb11-30.html","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562","http://www.us-cert.gov/cas/techalerts/TA11-350A.html"],"vuln_status":"Analyzed","trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:05:54.204192Z"},"effective_severity":"HIGH","badges":["kev","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"adobe","vendor_name":"Adobe","product_slug":"acrobat","product_name":"acrobat","version_start":null,"version_start_inclusive":null,"version_end":"10.1.1","version_end_inclusive":true,"cpe23_uri":"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*"},{"vendor_slug":"adobe","vendor_name":"Adobe","product_slug":"acrobat-reader","product_name":"Acrobat Reader","version_start":null,"version_start_inclusive":null,"version_end":"10.1.1","version_end_inclusive":true,"cpe23_uri":"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*"}],"exploit_refs":[],"news":[],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"http://www.adobe.com/support/security/bulletins/apsb12-01.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"http://www.adobe.com/support/security/advisories/apsa11-04.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"http://www.redhat.com/support/errata/RHSA-2012-0011.html","source_type":"MISC","tags":[]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"http://www.adobe.com/support/security/bulletins/apsb11-30.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562","source_type":"MISC","tags":[]},{"url":"http://www.us-cert.gov/cas/techalerts/TA11-350A.html","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2011-12-07T19:00:00Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2022-06-08T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"ssvc_changed","at":"2026-06-24T00:30:43.703670Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:30:43.703670Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:30:43.703670Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:30:43.703670Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:30:43.703670Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:30:43.703670Z","label":"CVSS score revised","source":"vulnrichment"}]}