CVE-2011-2462 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
adobe	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
adobe	acrobat	𝑥 ≤ 10.1.1
adobe	acrobat_reader	𝑥 ≤ 10.1.1
adobe	acrobat_reader	9.0 ≤ 𝑥 ≤ 9.4.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

acroread

oneiric	Fixed 9.4.7-1oneiric1 released
natty	Fixed 9.4.7-1natty1 released
maverick	Fixed 9.4.7-1maverick1 released
lucid	Fixed 9.4.7-1lucid1 released
hardy	ignored

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html

http://www.adobe.com/support/security/advisories/apsa11-04.html

http://www.adobe.com/support/security/bulletins/apsb11-30.html

http://www.adobe.com/support/security/bulletins/apsb12-01.html

http://www.redhat.com/support/errata/RHSA-2012-0011.html

http://www.us-cert.gov/cas/techalerts/TA11-350A.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html

http://www.adobe.com/support/security/advisories/apsa11-04.html

http://www.adobe.com/support/security/bulletins/apsb11-30.html

http://www.adobe.com/support/security/bulletins/apsb12-01.html

http://www.redhat.com/support/errata/RHSA-2012-0011.html

http://www.us-cert.gov/cas/techalerts/TA11-350A.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562