ID CVE-2014-0546
Summary Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
References
Vulnerable Configurations
  • Adobe Acrobat Reader X (10.0)
    cpe:2.3:a:adobe:acrobat_reader:10.0
  • Adobe Acrobat Reader X (10.0.1)
    cpe:2.3:a:adobe:acrobat_reader:10.0.1
  • Adobe Acrobat Reader X (10.0.2)
    cpe:2.3:a:adobe:acrobat_reader:10.0.2
  • Adobe Acrobat Reader X (10.0.3)
    cpe:2.3:a:adobe:acrobat_reader:10.0.3
  • Adobe Acrobat Reader X 10.1
    cpe:2.3:a:adobe:acrobat_reader:10.1
  • Adobe Acrobat Reader X 10.1.1
    cpe:2.3:a:adobe:acrobat_reader:10.1.1
  • Adobe Acrobat Reader X 10.1.10
    cpe:2.3:a:adobe:acrobat_reader:10.1.10
  • Adobe Acrobat Reader X (10.1.2)
    cpe:2.3:a:adobe:acrobat_reader:10.1.2
  • Adobe Acrobat Reader X (10.1.3)
    cpe:2.3:a:adobe:acrobat_reader:10.1.3
  • Adobe Acrobat Reader X (10.1.4)
    cpe:2.3:a:adobe:acrobat_reader:10.1.4
  • Adobe Acrobat Reader 10.1.5
    cpe:2.3:a:adobe:acrobat_reader:10.1.5
  • Adobe Acrobat Reader X (10.1.6)
    cpe:2.3:a:adobe:acrobat_reader:10.1.6
  • Adobe Acrobat Reader X (10.1.7)
    cpe:2.3:a:adobe:acrobat_reader:10.1.7
  • Adobe Acrobat Reader 10.1.8
    cpe:2.3:a:adobe:acrobat_reader:10.1.8
  • Adobe Acrobat Reader 10.1.9
    cpe:2.3:a:adobe:acrobat_reader:10.1.9
  • Adobe Acrobat Reader 11.0
    cpe:2.3:a:adobe:acrobat_reader:11.0
  • Adobe Acrobat Reader XI (11.0.1)
    cpe:2.3:a:adobe:acrobat_reader:11.0.1
  • Adobe Acrobat Reader XI (11.0.2)
    cpe:2.3:a:adobe:acrobat_reader:11.0.2
  • Adobe Acrobat Reader XI (11.0.3)
    cpe:2.3:a:adobe:acrobat_reader:11.0.3
  • Adobe Acrobat Reader 11.0.4
    cpe:2.3:a:adobe:acrobat_reader:11.0.4
  • Adobe Acrobat Reader 11.0.5
    cpe:2.3:a:adobe:acrobat_reader:11.0.5:-:-:-:-:windows
  • Adobe Acrobat Reader 11.0.6
    cpe:2.3:a:adobe:acrobat_reader:11.0.6
  • Adobe Acrobat Reader 11.0.7
    cpe:2.3:a:adobe:acrobat_reader:11.0.7
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Acrobat X (10.0)
    cpe:2.3:a:adobe:acrobat:10.0
  • Adobe Acrobat 11.0.5
    cpe:2.3:a:adobe:acrobat:11.0.5:-:-:-:-:windows
  • Adobe Acrobat 11.0
    cpe:2.3:a:adobe:acrobat:11.0
  • Adobe Acrobat XI (11.0.1)
    cpe:2.3:a:adobe:acrobat:11.0.1
  • Adobe Acrobat XI (11.0.2)
    cpe:2.3:a:adobe:acrobat:11.0.2
  • Adobe Acrobat XI (11.0.3)
    cpe:2.3:a:adobe:acrobat:11.0.3
  • Adobe Acrobat 11.0.4
    cpe:2.3:a:adobe:acrobat:11.0.4
  • Adobe Acrobat 11.0.6
    cpe:2.3:a:adobe:acrobat:11.0.6
  • Adobe Acrobat 11.0.7
    cpe:2.3:a:adobe:acrobat:11.0.7
  • Adobe Acrobat X (10.0.1)
    cpe:2.3:a:adobe:acrobat:10.0.1
  • Adobe Acrobat X (10.0.2)
    cpe:2.3:a:adobe:acrobat:10.0.2
  • Adobe Acrobat X (10.0.3)
    cpe:2.3:a:adobe:acrobat:10.0.3
  • Adobe Acrobat X (10.1)
    cpe:2.3:a:adobe:acrobat:10.1
  • Adobe Acrobat X (10.1.1)
    cpe:2.3:a:adobe:acrobat:10.1.1
  • Adobe Acrobat X (10.1.10)
    cpe:2.3:a:adobe:acrobat:10.1.10
  • Adobe Acrobat X (10.1.2)
    cpe:2.3:a:adobe:acrobat:10.1.2
  • Adobe Acrobat X (10.1.3)
    cpe:2.3:a:adobe:acrobat:10.1.3
  • Adobe Acrobat X (10.1.4)
    cpe:2.3:a:adobe:acrobat:10.1.4
  • Adobe Acrobat 10.1.5
    cpe:2.3:a:adobe:acrobat:10.1.5
  • Adobe Acrobat 10.1.6
    cpe:2.3:a:adobe:acrobat:10.1.6
  • Adobe Acrobat 10.1.7
    cpe:2.3:a:adobe:acrobat:10.1.7
  • Adobe Acrobat 10.1.8
    cpe:2.3:a:adobe:acrobat:10.1.8
  • Adobe Acrobat 10.1.9
    cpe:2.3:a:adobe:acrobat:10.1.9
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
CVSS
Base: 10.0 (as of 13-08-2014 - 23:13)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id ADOBE_READER_APSB14-19.NASL
    description The version of Adobe Reader installed on the remote host is a version prior to 10.1.11 / 11.0.08. It is, therefore, affected by a sandbox bypass flaw which can allow an attacker to run arbitrary code with escalated privileges on Windows hosts. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 77175
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77175
    title Adobe Reader < 10.1.11 / 11.0.08 Sandbox Bypass (APSB14-19)
  • NASL family Windows
    NASL id ADOBE_ACROBAT_APSB14-19.NASL
    description The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.11 / 11.0.08. It is, therefore, affected by a sandbox bypass flaw which can allow an attacker to run arbitrary code with escalated privileges on Windows hosts. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 77176
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77176
    title Adobe Acrobat < 10.1.11 / 11.0.08 Sandbox Bypass (APSB14-19)
refmap via4
confirm http://helpx.adobe.com/security/products/reader/apsb14-19.html
sectrack 1030711
the hacker news via4
id THN:E74C80E5EA61ADB4F070B3294F799B5B
last seen 2018-01-27
modified 2014-08-13
published 2014-08-12
reporter Mohit Kumar
source https://thehackernews.com/2014/08/adobe-security-update.html
title Adobe Releases Critical Security Updates for Flash Player, Acrobat and Adobe Reader
Last major update 06-01-2017 - 21:59
Published 12-08-2014 - 17:55
Back to Top