Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdobe Acrobat
APPAdobe≤ 10.1.1Adobe Acrobat Reader
APPAdobe≤ 10.1.19.0 – 9.4.6Apple Mac Os X
OSApplewszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeOpengroup Unix
OSOpengroupwszystkie wersje
CISA KEV — detailsi
- Vendori
- Adobe ↗
- Producti
- Reader and Acrobat
- Added to KEVi
- June 8, 2022
- Remediation deadline (US Federal)i
- June 22, 2022(overdue)
Apply updates per vendor instructions.
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit