Skip to main content

Adobe Reader / Acrobat Multiple Vulnerabilities

Last Update Date: 14 May 2014 15:01 Release Date: 14 May 2014 4102 Views

RISK: High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

Multiple vulnerabilities have been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

  1. An unspecified error can be exploited to cause a heap-based buffer overflow.
  2. An error related to input validation can be exploited to bypass certain security restrictions.
  3. An error within the implementation of Javascript APIs can be exploited to disclose certain information.
  4. Some errors can be exploited to corrupt memory.
  5. Another error can be exploited to corrupt memory.
  6. Another error can be exploited to corrupt memory.
  7. An error exists within the handling of certain API calls to unmapped memory.
  8. A use-after-free error can be exploited to corrupt memory.
  9. A double-free error can be exploited to corrupt memory.
  10. An unspecified error can be exploited to cause a buffer overflow.

Successful exploitation of vulnerabilities #1 and #4 through #10 may allow execution of arbitrary code.


Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Adobe Reader XI versions 11.0.06 and prior for Windows and Macintosh
  • Adobe Reader X versions 10.1.9 and prior for Windows and Macintosh
  • Adobe Acrobat XI versions 11.0.06 and prior for Windows and Macintosh
  • Adobe Acrobat X versions 10.1.9 and prior for Windows and Macintosh

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply updates


Vulnerability Identifier


Source


Related Link