Adobe Reader / Acrobat Multiple Vulnerabilities
Last Update Date:
14 May 2014 15:01
Release Date:
14 May 2014
4102
Views
RISK: High Risk
TYPE: Clients - Productivity Products
Multiple vulnerabilities have been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
- An unspecified error can be exploited to cause a heap-based buffer overflow.
- An error related to input validation can be exploited to bypass certain security restrictions.
- An error within the implementation of Javascript APIs can be exploited to disclose certain information.
- Some errors can be exploited to corrupt memory.
- Another error can be exploited to corrupt memory.
- Another error can be exploited to corrupt memory.
- An error exists within the handling of certain API calls to unmapped memory.
- A use-after-free error can be exploited to corrupt memory.
- A double-free error can be exploited to corrupt memory.
- An unspecified error can be exploited to cause a buffer overflow.
Successful exploitation of vulnerabilities #1 and #4 through #10 may allow execution of arbitrary code.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Adobe Reader XI versions 11.0.06 and prior for Windows and Macintosh
- Adobe Reader X versions 10.1.9 and prior for Windows and Macintosh
- Adobe Acrobat XI versions 11.0.06 and prior for Windows and Macintosh
- Adobe Acrobat X versions 10.1.9 and prior for Windows and Macintosh
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Apply updates
Vulnerability Identifier
- CVE-2014-0511
- CVE-2014-0512
- CVE-2014-0521
- CVE-2014-0522
- CVE-2014-0523
- CVE-2014-0524
- CVE-2014-0525
- CVE-2014-0526
- CVE-2014-0527
- CVE-2014-0528
- CVE-2014-0529
Source
Related Link
Share with