CVE-2011-4373
Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability
Descriptions
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within 2d.x3d, which is Adobe Reader's code responsible for processing BMP files. When passing a negative size parameter in the 'colors' field, a series of signed comparisons will be averted, and the overly large size parameter is passed to a memcpy(). This will cause a heap-based buffer overflow, allowing an attacker to execute code under the context of the user.
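The signedness pattern described above, shown beside a hardened form, as an added illustration that is not Adobe's code. The names `flawed_check` and `load_palette_safe`, the 256-entry capacity and the 4-byte entry size are assumptions, and the flawed path only computes the length that would reach `memcpy()` without performing the copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_COLORS 256   /* assumed palette capacity, in entries */
#define ENTRY_SIZE 4     /* assumed bytes per palette entry */

/* Flawed pattern: only an upper bound is tested, on a signed value.
 * Returns 1 if the check accepts `colors` and stores the length that
 * memcpy() would receive in *len. The copy itself is not performed. */
int flawed_check(int32_t colors, size_t *len)
{
    if (colors > MAX_COLORS)        /* signed compare: -1 > 256 is false */
        return 0;
    *len = (size_t)colors * ENTRY_SIZE;  /* negative becomes a huge size_t */
    return 1;
}

/* Hardened form: reject negatives, then bound the byte count against both
 * the destination capacity and the bytes actually present in the input. */
int load_palette_safe(uint8_t *dst, size_t dst_cap,
                      const uint8_t *src, size_t src_len, int32_t colors)
{
    if (colors < 0 || colors > MAX_COLORS)
        return -1;
    size_t need = (size_t)colors * ENTRY_SIZE;
    if (need > dst_cap || need > src_len)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

int main(void)
{
    uint8_t palette[MAX_COLORS * ENTRY_SIZE];
    const uint8_t input[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed sample */
    size_t len = 0;

    int accepted = flawed_check(-1, &len);
    printf("flawed: accepted=%d len=%zu\n", accepted, len);
    printf("safe:   colors=-1 -> %d, colors=2 -> %d\n",
           load_palette_safe(palette, sizeof palette, input, sizeof input, -1),
           load_palette_safe(palette, sizeof palette, input, sizeof input, 2));
    return 0;
}
```

Compiling with `-Wsign-conversion` and `-Wsign-compare` flags the implicit conversions that make this class of bug easy to miss in review.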
Timeline
- 2011-11-04 CVE Reserved
- 2012-01-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/51350 | Broken Link | |
http://www.securitytracker.com/id?1026496 | Broken Link | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615 | Signature | |

URL | Date | SRC |
---|---|---|
http://www.adobe.com/support/security/bulletins/apsb12-01.html | 2022-06-03 | |
https://access.redhat.com/security/cve/CVE-2011-4373 | 2012-04-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=810397 | 2012-04-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Adobe | Acrobat | <= 10.1.1 | - | Affected | in | Apple | Macos | * | - | Safe |
Adobe | Acrobat | <= 10.1.1 | - | Affected | in | Microsoft | Windows | * | - | Safe |
Adobe | Reader | <= 10.1.1 | - | Affected | in | Apple | Macos | * | - | Safe |
Adobe | Reader | <= 10.1.1 | - | Affected | in | Microsoft | Windows | * | - | Safe |
Adobe | Acrobat | <= 9.4.6 | - | Affected | in | Microsoft | Windows | * | - | Safe |
Adobe | Acrobat | 9.4.7 | - | Affected | in | Microsoft | Windows | * | - | Safe |
Adobe | Reader | <= 9.4.6 | - | Affected | in | Microsoft | Windows | * | - | Safe |
Adobe | Reader | 9.4.7 | - | Affected | in | Microsoft | Windows | * | - | Safe |
Adobe | Acrobat | <= 9.4.5 | - | Affected | in | Apple | Macos | - | - | Safe |
Adobe | Acrobat | 9.4.6 | - | Affected | in | Apple | Macos | - | - | Safe |
Adobe | Reader | <= 9.4.5 | - | Affected | in | Apple | Macos | - | - | Safe |
Adobe | Reader | 9.4.6 | - | Affected | in | Apple | Macos | - | - | Safe |