{"id":12937,"date":"2011-12-14T12:26:29","date_gmt":"2011-12-14T20:26:29","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=12937"},"modified":"2025-06-02T01:24:08","modified_gmt":"2025-06-02T08:24:08","slug":"inside-adobe-reader-zero-day-exploit-cve-2011-2462","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/","title":{"rendered":"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462"},"content":{"rendered":"

Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader 9.4.6\u00a0and Reader 9.x Versions for Unix. This zero-day vulnerability (CVE-2011-2462)<\/a> could allow an attacker to execute arbitrary code and silently take the control of a\u00a0victim’s machine. This flaw is currently being exploited in the wild. Adobe says it will release a patch this week.<\/p>\n

McAfee researchers analyzed the exploit (the sample circulating in the wild) and figured out how the vulnerability is exploited and identified the malicious binary, which allows an attacker to take the control of the system.<\/p>\n

Using the MD5 algorithm we found a hash value of b025b06549caae5a7c1d23ac1d014892. The technique used in this exploit has been known to researchers for ages.<\/p>\n

Here’s what we found as output when we ran the PDFiD tool against this exploit.<\/p>\n

\"\"<\/a><\/p>\n

Looking at the output, we can immediately make out what this exploit would contain. Like many other exploits in the wild, this document uses the techniques of \/JavaScript and \/OpenAction to launch its malicious JavaScript. The combination of both of these techniques would make this document suspicious to any researcher.<\/p>\n

\/JS\u00a0and \/JavaScript indicates that this PDF document contains the JavaScript. \/OpenAction\u00a0indicates the action to be performed automatically when the document is viewed. Let\u2019s take the deeper look at the object structure of the PDF and find out what is interesting.<\/p>\n

Object Analysis of the PDF document<\/span><\/strong><\/h2>\n

\"\"<\/a><\/p>\n

Object 1<\/strong> contains the author, email, and the web–a kind of meta information.<\/p>\n

\"\"<\/a><\/p>\n

Object 4<\/strong> has an \/OpenAction reference to object 14, which seems particularly interesting. Let’s take a look at what is in the referenced object.<\/p>\n

\"\"<\/a><\/p>\n

Object 14,<\/strong> as seen above, has the stream link to object 15, which contains the actual compressed JavaScript.<\/p>\n

\"\"<\/a><\/p>\n

This is the malicious JavaScript that is encoded twice, first with ASCIIHexDecode and then with FlateDecode. These stream filters will indicate\u00a0to Reader how to decode the streams while opening the document. This combination of stream filters is widely used in exploits to compress the code. We\u2019ll take a look at the JS code a little later in this analysis. In the meantime, let\u2019s move further into the object structure analysis of the PDF.<\/p>\n

Object 11<\/strong> contains the stream link to Object 10, as seen below. This stream link contains the Flate-encoded 3D Annotations data that is to be Flate decoded and displayed while the Reader document is rendered.<\/p>\n

\"\"<\/a><\/p>\n

According to the Adobe 3D Annotations documentations available here,<\/a>\u00a03DD entry of the Annotations data specifies the Flate-encoded data stream containing the U3D data. That\u2019s exactly what we see in Object 10, <\/strong>as shown below.<\/p>\n

\"\"<\/a><\/p>\n

This U3D data is likely to cause memory corruption and trigger the vulnerability. Object 16 <\/strong>is of special interest to us. Let\u2019s see how this object looks.<\/p>\n

\"\"<\/a><\/p>\n

This object does not have any references and contains the stream that is supposed to be Flate encoded. This stream contains the malicious XORed executable that is dropped after successful exploitation. Let\u2019s see if we can figure out the XOR key.<\/p>\n

\"\"<\/a><\/p>\n

The executable is XORed by 0x12. Looks like this stream wasn\u2019t Flate encoded but rather simply XORed to embed the malicious file within. This technique is normally used in exploits to hide the malicious code and bypass AV detections.<\/p>\n

Let\u2019s take a look at the decoded JS code from Object 15<\/strong> to understand what it does.<\/p>\n

\"\"<\/p>\n

This code checks for supposedly nonexistent versions of Reader and apparently enters an infinite loop if the version comes out to be greater than 10.0. The code appears to use a heap-spray technique to exploit this vulnerability and execute the shellcode. The end of this code checks for the Windows platform and sets the document to page 2 if it is running on Windows and will render the 3D data specified by the U3D file–causing the corruption.<\/p>\n

The heap-spray function in the JS code looks like this:<\/p>\n

\"\"<\/a><\/p>\n

The last function call in the preceding figure allocates the memory and fills up the heap as seen below:<\/p>\n

\"\"<\/a><\/p>\n

Launching this exploit on Windows with Reader 9.4.6 installed will crash and open the new document “2012 Federal Employee Pay Calender.pdf.”<\/p>\n

\"\"<\/p>\n

It spawns the new process pretty.exe and finally injects WSE4EF1.TMP into the iexplore.exe process, which connects to the control server.<\/p>\n

\"\"<\/a><\/p>\n

Looking at pretty.exe, we see that it looks for outlook.exe, iexplore.exe, and firefox.exe. It then injects the code into whichever process it finds open on the victim’s machine.<\/p>\n

\"\"<\/a><\/p>\n

Network Communications<\/span><\/strong><\/p>\n

Once the code is injected into any of these open processes, a connection is made to the domain prettylikeher.com (IP: 72.30.2.43, which was resolved at execution) on port 443. Assuming that it must be using SSL for control, we hooked the WinInet.SecureSend and WinInet.SecureReceive APIs to check what was sent as the encrypted request. We found the following clear-text decrypted traffic:<\/p>\n

\"\"<\/a><\/p>\n

The server responded with HTTP 301. The location header had the HTTP link.<\/p>\n

\"\"<\/a><\/p>\n

Next the HTTP GET request initiated as shown below. The URI query string contains the hostname of the victim’s machine appended with the IP address.\u00a0The SSL and HTTP requests turned out to be the same.<\/p>\n

\"\"<\/a><\/p>\n

Analysis of the Injected DLL WSE4EF1.TMP<\/strong><\/span><\/p>\n

Looking at the injected DLL, the following code forms the HTTP GET request along with the URI query parameters:<\/p>\n

\"\"<\/a><\/p>\n

This DLL also seems be virtual-machine aware. While analyzing the code, we came across the VM check that is performed via the SIDT instruction.<\/p>\n

SIDT\u00a0\u00a0\u00a0 FWORD PTR SS:[EBP-8]<\/p>\n

EAX, DWORD PTR SS:[EBP-6]<\/p>\n

CMP\u00a0\u00a0\u00a0\u00a0 EAX, 8003F400<\/p>\n

JBE\u00a0\u00a0\u00a0\u00a0 SHORT WSE4EF1.10001C88<\/p>\n

CMP\u00a0\u00a0\u00a0\u00a0 EAX, 80047400<\/p>\n

JNB\u00a0\u00a0\u00a0\u00a0 SHORT WSE4EF1.10001C88<\/p>\n

Further analysis of the control code of the DLL reveals that the following commands can be run on the victim’s system:<\/p>\n

Cmd<\/p>\n

Shell<\/p>\n

Run<\/p>\n

Getfile<\/p>\n

Putfile<\/p>\n

Kill<\/p>\n

Process<\/p>\n

Reboot<\/p>\n

Time<\/p>\n

Door<\/p>\n

\"\"<\/a><\/p>\n

McAfee Coverage for Exploit CVE-2011-2462 <\/strong><\/span><\/p>\n

McAfee Intrusion Prevention (formerly IntruShield) has released coverage for the exploit under the attack ID 0x402b1a00 HTTP: Adobe Reader and Acrobat U3D Memory Corruption Remote Code Execution. McAfee customers with up-to-date installations are protected against this malware.<\/p>\n

Acknowledgments<\/strong><\/p>\n

I would like to thank my colleagues Hardik Shah, Swapnil Pathak, and Amit Malik for analyzing this vulnerability and contributing to this blog.<\/p>\n","protected":false},"excerpt":{"rendered":"

Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for…<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[338,180],"coauthors":[3973],"class_list":["post-12937","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-endpoint-protection","tag-malware"],"acf":[],"yoast_head":"\nInside Adobe Reader Zero-Day Exploit CVE 2011-2462 | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462 | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2011-12-14T20:26:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-02T08:24:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/12\/untitled1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"450\" \/>\n\t<meta property=\"og:image:height\" content=\"266\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462\",\"datePublished\":\"2011-12-14T20:26:29+00:00\",\"dateModified\":\"2025-06-02T08:24:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/\"},\"wordCount\":1055,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/12\/untitled1.png\",\"keywords\":[\"endpoint protection\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/\",\"name\":\"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462 | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/12\/untitled1.png\",\"datePublished\":\"2011-12-14T20:26:29+00:00\",\"dateModified\":\"2025-06-02T08:24:08+00:00\",\"description\":\"Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/12\/untitled1.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/12\/untitled1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462 | McAfee Blog","description":"Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462 | McAfee Blog","og_description":"Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2011-12-14T20:26:29+00:00","article_modified_time":"2025-06-02T08:24:08+00:00","og_image":[{"width":450,"height":266,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2011\/12\/untitled1.png","type":"image\/png"}],"author":"McAfee","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/"},"author":{"name":"McAfee","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa"},"headline":"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462","datePublished":"2011-12-14T20:26:29+00:00","dateModified":"2025-06-02T08:24:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/"},"wordCount":1055,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/12\/untitled1.png","keywords":["endpoint protection","malware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/","name":"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462 | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/12\/untitled1.png","datePublished":"2011-12-14T20:26:29+00:00","dateModified":"2025-06-02T08:24:08+00:00","description":"Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/12\/untitled1.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2011\/12\/untitled1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/inside-adobe-reader-zero-day-exploit-cve-2011-2462\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Inside Adobe Reader Zero-Day Exploit CVE 2011-2462"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa","name":"McAfee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","caption":"McAfee"},"description":"We're here to make life online safe and enjoyable for everyone.","sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/x.com\/McAfee"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/12937","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=12937"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/12937\/revisions"}],"predecessor-version":[{"id":214817,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/12937\/revisions\/214817"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=12937"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=12937"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=12937"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=12937"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}