PT-2014-8850 · Adobe · Reader+1
Publicado
2014-11-30
·
Atualizado
2014-12-17
·
CVE-2014-9150
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Adobe Reader and Acrobat versions 11.0.0 through 11.0.8
Description
A race condition in the MoveFileEx call hook feature allows attackers to bypass a sandbox protection mechanism, enabling them to write to files in arbitrary locations via an NTFS junction attack.
Recommendations
For Adobe Reader and Acrobat versions 11.0.0 through 11.0.8, update to version 11.0.09 or later to resolve the issue.
Correção
Race Condition
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Acrobat
Reader