PT-2014-8850 · Adobe · Reader+1
Published
2014-11-30
·
Updated
2014-12-17
·
CVE-2014-9150
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Adobe Reader and Acrobat versions 11.0.0 through 11.0.8
Description
A race condition in the MoveFileEx call hook feature allows attackers to bypass a sandbox protection mechanism, enabling them to write to files in arbitrary locations via an NTFS junction attack.
Recommendations
For Adobe Reader and Acrobat versions 11.0.0 through 11.0.8, update to version 11.0.09 or later to resolve the issue.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat
Reader