Details of VAR-201112-0167

ID

VAR-201112-0167

CVE

CVE-2011-2462

TITLE

Adobe Acrobat and Reader U3D memory corruption vulnerability

Trust: 1.1

sources: CERT/CC: VU#759307 // BID: 50922

DESCRIPTION

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. ( Memory corruption ) A state vulnerability exists.Arbitrary code execution or denial of service by a third party ( Memory corruption ) It may be in a state. Adobe Acrobat and Reader are prone to a remote memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Acrobat is a series of products aimed at enterprises, technicians and creative professionals launched in 1993, making the transmission and collaboration of intelligent documents more flexible, reliable and secure. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2012:0011-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0011.html Issue date: 2012-01-10 CVE Names: CVE-2011-2462 CVE-2011-4369 ===================================================================== 1. Summary: Updated acroread packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). These flaws are detailed on the Adobe security page APSB11-30, listed in the References section. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm x86_64: acroread-9.4.7-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm x86_64: acroread-9.4.7-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm x86_64: acroread-9.4.7-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm x86_64: acroread-9.4.7-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm x86_64: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm x86_64: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm x86_64: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm x86_64: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm x86_64: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2462.html https://www.redhat.com/security/data/cve/CVE-2011-4369.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-30.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.7" References ========== [ 1 ] CVE-2010-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091 [ 2 ] CVE-2011-0562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562 [ 3 ] CVE-2011-0563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563 [ 4 ] CVE-2011-0565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565 [ 5 ] CVE-2011-0566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566 [ 6 ] CVE-2011-0567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567 [ 7 ] CVE-2011-0570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570 [ 8 ] CVE-2011-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585 [ 9 ] CVE-2011-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586 [ 10 ] CVE-2011-0587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587 [ 11 ] CVE-2011-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588 [ 12 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 13 ] CVE-2011-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590 [ 14 ] CVE-2011-0591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591 [ 15 ] CVE-2011-0592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592 [ 16 ] CVE-2011-0593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593 [ 17 ] CVE-2011-0594 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594 [ 18 ] CVE-2011-0595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595 [ 19 ] CVE-2011-0596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596 [ 20 ] CVE-2011-0598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598 [ 21 ] CVE-2011-0599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599 [ 22 ] CVE-2011-0600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600 [ 23 ] CVE-2011-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602 [ 24 ] CVE-2011-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603 [ 25 ] CVE-2011-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604 [ 26 ] CVE-2011-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605 [ 27 ] CVE-2011-0606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606 [ 28 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 29 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 30 ] CVE-2011-2135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 31 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 32 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 33 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 34 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 35 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 36 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 37 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 38 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 39 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 40 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 41 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 42 ] CVE-2011-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431 [ 43 ] CVE-2011-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432 [ 44 ] CVE-2011-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433 [ 45 ] CVE-2011-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434 [ 46 ] CVE-2011-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435 [ 47 ] CVE-2011-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436 [ 48 ] CVE-2011-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437 [ 49 ] CVE-2011-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438 [ 50 ] CVE-2011-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439 [ 51 ] CVE-2011-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440 [ 52 ] CVE-2011-2441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441 [ 53 ] CVE-2011-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442 [ 54 ] CVE-2011-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462 [ 55 ] CVE-2011-4369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . I. Description Adobe Security Bulletin APSB11-30 and Adobe Security Advisory APSA11-04 describe a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.4.6 and earlier 9.x versions. These vulnerabilities also affect Reader X and Acrobat X 10.1.1 and earlier 10.x versions. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems. Adobe Reader X and Adobe Acrobat X will be patched in the next quarterly update scheduled for January 10, 2012. II. Impact These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file. III. Solution Update Reader Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-30 and update vulnerable versions of Adobe Reader and Acrobat. In addition to updating, please consider the following mitigations. Disable Flash in Adobe Reader and Acrobat Disabling Flash in Adobe Reader will mitigate attacks that rely on Flash content embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash. To disable Flash and 3D & Multimedia support in Adobe Reader 9, delete, rename, or remove access to these files: Microsoft Windows "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll" Apple Mac OS X "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle" "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework" GNU/Linux (locations may vary among distributions) "/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so" "/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so" File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plugins will reduce functionality and will not protect against Flash content that is hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript). Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks. Prevent Internet Explorer from automatically opening PDF files The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the display of PDF files in the web browser Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities. To prevent PDF files from automatically being opened in a web browser, do the following: 1. 2. Open the Edit menu. 3. Choose the Preferences option. 4. Choose the Internet section. 5. Uncheck the "Display PDF in browser" checkbox. PDF documents that use the PRC format for 3D content will continue to function on Windows and Linux platforms. To disable U3D support in Adobe Reader 9 on Microsoft Windows, delete or rename this file: "%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d" For Apple Mac OS X, delete or rename this directory: "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework" For GNU/Linux, delete or rename this file (locations may vary among distributions): "/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d" File locations may be different for Adobe Acrobat or other Adobe products or versions. Do not access PDF files from untrusted sources Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. IV. Please send email to <cert@cert.org> with "TA11-350A Feedback VU#759307" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2011 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History December 16, 2011: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTuuZnz/GkGVXE7GMAQIN8ggAjjQO8LOasl98uasGZW2J5SHfkKr675Mf ymRzBagFqO9QuId2RvFG2b9nuq5zdqETsrcG1t668wtYLUhBaoLmFXPe/KsDQ9n+ /p9PctVJFmJpV92S3kAHw+u4t1n/Aa/4IdK0oXNBDhkyXrp41F27LY+aQ8FWWuxZ lL4jXSUQ/gLgb6hOhLjRCsQtEhAcPbX/mPNxl6bACXZaOVZT88fz9M7JXryDiJWO uuFi3O2GT0Bd3fEsL57U/TSbq8SynadObMSj4/+Q1HmOHcD0L5gzd9/N4M3D1Emg y7aeUpgycY5eFefY3LVVkb7JkTUbEZHbuNHydFKIJDRlaXBAo+D0QQ== =rKM4 -----END PGP SIGNATURE-----

Trust: 3.06

sources: NVD: CVE-2011-2462 // CERT/CC: VU#759307 // JVNDB: JVNDB-2011-003287 // BID: 50922 // VULHUB: VHN-50407 // VULMON: CVE-2011-2462 // PACKETSTORM: 108558 // PACKETSTORM: 109194 // PACKETSTORM: 107960

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	lte	version:	9.4.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	gte	version:	9.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.4.6	Trust: 0.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.3.2	Trust: 0.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.3.1	Trust: 0.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.1.1	Trust: 0.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.3	Trust: 0.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.2	Trust: 0.9
vendor:	adobe	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	アドビ	model:	adobe reader	scope:	eq	version:	x (10.1.1) earlier 10.x for windows macintosh	Trust: 0.8
vendor:	アドビ	model:	adobe reader	scope:	eq	version:	9.4.6 9.x previous s for macintosh	Trust: 0.8
vendor:	アドビ	model:	adobe reader	scope:	eq	version:	9.4.7 9.x previous s for windows	Trust: 0.8
vendor:	アドビ	model:	adobe acrobat	scope:	-	version:	-	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.1	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.1.2	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.0	Trust: 0.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.1.3	Trust: 0.6
vendor:	suse	model:	linux enterprise desktop sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	opensuse	scope:	eq	version:	11.4	Trust: 0.3
vendor:	suse	model:	opensuse	scope:	eq	version:	11.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws extras	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux extras	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es extras	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux as extras	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	desktop extras	scope:	eq	version:	4	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux supplementary server	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux server supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary client	scope:	eq	version:	5	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.4.6	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.4.5	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.4.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.4.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.4.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.4.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.4.6	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.4.5	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.4.4	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.4.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.4.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.4.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.4	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.4.6	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.4.5	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.4.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.4.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.4.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.4.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.2.4	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.4.5	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.4.4	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.4.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.4.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.4.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.4	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	9.4.7	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	9.5	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	ne	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	ne	version:	9.4.7	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	ne	version:	9.5	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	ne	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	ne	version:	9.4.7	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	ne	version:	9.5	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	9.4.7	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	9.5	Trust: 0.3

sources: CERT/CC: VU#759307 // BID: 50922 // JVNDB: JVNDB-2011-003287 // CNNVD: CNNVD-201112-061 // NVD: CVE-2011-2462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2462
value:	CRITICAL
Trust: 1.0
CARNEGIE MELLON:	VU#759307
value:	52.51
Trust: 0.8
NVD:	CVE-2011-2462
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201112-061
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-50407
value:	HIGH
Trust: 0.1
VULMON:	CVE-2011-2462
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2011-2462
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-50407
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2011-2462
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2011-2462
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CERT/CC: VU#759307 // VULHUB: VHN-50407 // VULMON: CVE-2011-2462 // JVNDB: JVNDB-2011-003287 // CNNVD: CNNVD-201112-061 // NVD: CVE-2011-2462

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2011-003287 // NVD: CVE-2011-2462

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 109194 // CNNVD: CNNVD-201112-061

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201112-061

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-50407 // VULMON: CVE-2011-2462

PATCH

title:	APSA11-04 Fujitsu Fujitsu Security information	url:	http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html	Trust: 0.8
title:	Red Hat: Critical: acroread security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120011 - Security Advisory	Trust: 0.1
title:	ExploitAnalysis	url:	https://github.com/quanyang/ExploitAnalysis	Trust: 0.1
title:	pdf	url:	https://github.com/billytion/pdf	Trust: 0.1
title:	peepdf	url:	https://github.com/jesparza/peepdf	Trust: 0.1
title:	rop-collection	url:	https://github.com/season-lab/rop-collection	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2013/02/22/apt1_report_used_spear_phishing/	Trust: 0.1
title:	Securelist	url:	https://securelist.com/kaspersky-security-bulletin-malware-evolution-2011/36494/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/attackers-reused-adobe-reader-exploit-code-2009-extremely-targeted-hacks-011112/76088/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/adobe-plans-critical-security-updates-reader-acrobat-next-week-010612/76071/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2011/12/17/adobe_reader_critical_update/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/adobe-warns-critical-zero-day-flaw-reader-and-acrobat-120611/75965/	Trust: 0.1

sources: VULMON: CVE-2011-2462 // JVNDB: JVNDB-2011-003287

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2462	Trust: 4.7
db:	USCERT	id:	TA11-350A	Trust: 2.1
db:	CERT/CC	id:	VU#759307	Trust: 1.8
db:	BID	id:	50922	Trust: 1.0
db:	USCERT	id:	TA15-119A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-003287	Trust: 0.8
db:	CNNVD	id:	CNNVD-201112-061	Trust: 0.7
db:	NSFOCUS	id:	18277	Trust: 0.6
db:	PACKETSTORM	id:	108558	Trust: 0.2
db:	EXPLOIT-DB	id:	18366	Trust: 0.2
db:	PACKETSTORM	id:	108359	Trust: 0.1
db:	SEEBUG	id:	SSVID-72491	Trust: 0.1
db:	VULHUB	id:	VHN-50407	Trust: 0.1
db:	VULMON	id:	CVE-2011-2462	Trust: 0.1
db:	PACKETSTORM	id:	109194	Trust: 0.1
db:	PACKETSTORM	id:	107960	Trust: 0.1

sources: CERT/CC: VU#759307 // VULHUB: VHN-50407 // VULMON: CVE-2011-2462 // BID: 50922 // JVNDB: JVNDB-2011-003287 // PACKETSTORM: 108558 // PACKETSTORM: 109194 // PACKETSTORM: 107960 // CNNVD: CNNVD-201112-061 // NVD: CVE-2011-2462

REFERENCES

url:	http://www.adobe.com/support/security/advisories/apsa11-04.html	Trust: 2.9
url:	http://www.us-cert.gov/cas/techalerts/ta11-350a.html	Trust: 2.0
url:	http://www.adobe.com/support/security/bulletins/apsb11-30.html	Trust: 1.6
url:	http://www.adobe.com/support/security/bulletins/apsb12-01.html	Trust: 1.5
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14562	Trust: 1.2
url:	http://www.redhat.com/support/errata/rhsa-2012-0011.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html	Trust: 1.2
url:	http://www.kb.cert.org/vuls/id/759307	Trust: 0.9
url:	http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html	Trust: 0.8
url:	http://www.microsoft.com/download/en/details.aspx?id=1677	Trust: 0.8
url:	http://blogs.technet.com/b/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx	Trust: 0.8
url:	http://blogs.technet.com/b/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx	Trust: 0.8
url:	http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx	Trust: 0.8
url:	http://technet.microsoft.com/en-us/security/advisory/2639658	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu759307/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnta11-350a/	Trust: 0.8
url:	http://jvn.jp/ta/jvnta99041988/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2462	Trust: 0.8
url:	https://www.us-cert.gov/ncas/alerts/ta15-119a	Trust: 0.8
url:	https://cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20111208-adobe.html	Trust: 0.8
url:	http://www.securityfocus.com/bid/50922	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/18277	Trust: 0.6
url:	http://www.adobe.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2012:0011	Trust: 0.1
url:	https://github.com/quanyang/exploitanalysis	Trust: 0.1
url:	https://github.com/jesparza/peepdf	Trust: 0.1
url:	https://www.exploit-db.com/exploits/18366/	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/kb/docs/doc-11259	Trust: 0.1
url:	https://access.redhat.com/security/team/key/#package	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2011-4369.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2462	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-4369	Trust: 0.1
url:	http://bugzilla.redhat.com/):	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2012-0011.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2011-2462.html	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2432	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0599	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0604	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2130	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0567	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0605	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0587	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0587	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2438	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0600	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2462	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2434	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0565	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0567	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0596	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0603	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0563	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2431	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0595	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0570	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0588	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4091	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4369	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0562	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2436	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0596	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0604	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0588	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2439	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0585	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2441	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0598	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0603	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0562	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0602	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0593	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0592	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0590	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201201-19.xml	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0585	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0589	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0565	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0606	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0570	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0594	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0600	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0592	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2433	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0566	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0599	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4091	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2442	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2437	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0606	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0566	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2435	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0594	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0605	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0563	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0591	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0593	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2440	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0602	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0590	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0598	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://www.adobe.com/support/security/bulletins/apsb11-30.html>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta11-350a.html>	Trust: 0.1
url:	https://www.adobe.com/support/security/advisories/apsa11-04.html>	Trust: 0.1
url:	http://kb2.adobe.com/cps/504/cpsid_50431.html>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/759307>	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1

CREDITS

Lockheed Martin CIRT and MITRE

Trust: 0.9

sources: BID: 50922 // CNNVD: CNNVD-201112-061

SOURCES

db:	CERT/CC	id:	VU#759307
db:	VULHUB	id:	VHN-50407
db:	VULMON	id:	CVE-2011-2462
db:	BID	id:	50922
db:	JVNDB	id:	JVNDB-2011-003287
db:	PACKETSTORM	id:	108558
db:	PACKETSTORM	id:	109194
db:	PACKETSTORM	id:	107960
db:	CNNVD	id:	CNNVD-201112-061
db:	NVD	id:	CVE-2011-2462

LAST UPDATE DATE

2024-08-14T13:10:30.605000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#759307	date:	2011-12-08T00:00:00
db:	VULHUB	id:	VHN-50407	date:	2017-09-19T00:00:00
db:	VULMON	id:	CVE-2011-2462	date:	2017-09-19T00:00:00
db:	BID	id:	50922	date:	2015-03-19T09:16:00
db:	JVNDB	id:	JVNDB-2011-003287	date:	2024-07-05T02:02:00
db:	CNNVD	id:	CNNVD-201112-061	date:	2011-12-12T00:00:00
db:	NVD	id:	CVE-2011-2462	date:	2024-06-28T14:21:09.670

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#759307	date:	2011-12-08T00:00:00
db:	VULHUB	id:	VHN-50407	date:	2011-12-07T00:00:00
db:	VULMON	id:	CVE-2011-2462	date:	2011-12-07T00:00:00
db:	BID	id:	50922	date:	2011-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2011-003287	date:	2011-12-09T00:00:00
db:	PACKETSTORM	id:	108558	date:	2012-01-11T07:30:45
db:	PACKETSTORM	id:	109194	date:	2012-01-31T00:07:37
db:	PACKETSTORM	id:	107960	date:	2011-12-17T00:27:48
db:	CNNVD	id:	CNNVD-201112-061	date:	1900-01-01T00:00:00
db:	NVD	id:	CVE-2011-2462	date:	2011-12-07T19:55:01.673