CVE-2014-9150CVE-2014-9150

Affected configuration(s):

cpe:/a:adobe:acrobat:11.0
cpe:/a:adobe:acrobat:11.0.1
cpe:/a:adobe:acrobat:11.0.2
cpe:/a:adobe:acrobat:11.0.3
cpe:/a:adobe:acrobat:11.0.4
cpe:/a:adobe:acrobat:11.0.5:-:~~~windows~~
cpe:/a:adobe:acrobat:11.0.6
cpe:/a:adobe:acrobat:11.0.7
cpe:/a:adobe:acrobat:11.0.8
cpe:/a:adobe:acrobat_reader:11.0
cpe:/a:adobe:acrobat_reader:11.0.1
cpe:/a:adobe:acrobat_reader:11.0.2
cpe:/a:adobe:acrobat_reader:11.0.3
cpe:/a:adobe:acrobat_reader:11.0.4
cpe:/a:adobe:acrobat_reader:11.0.5:-:~~~windows~~
cpe:/a:adobe:acrobat_reader:11.0.6
cpe:/a:adobe:acrobat_reader:11.0.7
cpe:/a:adobe:acrobat_reader:11.0.8

Date published: 2014-11-29T21:59:00.087-05:00

Date last modified: 2014-12-17T11:35:51.743-05:00

CVSS Score: 6.4

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://helpx.adobe.com/security/products/reader/apsb14-28.html

Summary: Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.