PT-2014-1394 · Adobe · Reader+1

Published

2014-09-17

Updated

2017-08-29

CVE-2014-0568

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Reader versions 10.x through 10.1.11 Adobe Reader versions 11.x through 11.0.08 Adobe Acrobat versions 10.x through 10.1.11 Adobe Acrobat versions 11.x through 11.0.08

Description The issue allows attackers to bypass a sandbox protection mechanism and execute native code in a privileged context via an NTFS junction attack. This enables the execution of machine code in a privileged context, potentially leading to elevated privileges.

Recommendations For Adobe Reader versions 10.x through 10.1.11, update to version 10.1.12 or later. For Adobe Reader versions 11.x through 11.0.08, update to version 11.0.09 or later. For Adobe Acrobat versions 10.x through 10.1.11, update to version 10.1.12 or later. For Adobe Acrobat versions 11.x through 11.0.08, update to version 11.0.09 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-00318

BDU:2015-00319

CVE-2014-0568

Affected Products

Acrobat

Reader

PT-2014-1394 · Adobe · Reader+1

CVE-2014-0568

Related Identifiers

Affected Products

References · 9