SecurityTracker.com

Category:   Application (Generic)  >   Adobe Acrobat/Reader
Vendors:   Adobe Systems Incorporated
Adobe Acrobat and Reader Bugs Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
SecurityTracker Alert ID:  1030229
SecurityTracker URL:  http://securitytracker.com/id/1030229
CVE Reference:   CVE-2014-0521, CVE-2014-0522, CVE-2014-0523, CVE-2014-0524, CVE-2014-0525, CVE-2014-0526, CVE-2014-0527, CVE-2014-0528, CVE-2014-0529
Date:  May 13 2014
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10.1.9 and prior; 11.0.06 and prior
Description:   Several vulnerabilities were reported in Adobe Acrobat and Reader. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially sensitive information.

A remote user can exploit a flaw in the implementation of JavaScript APIs to obtain potentially sensitive information [CVE-2014-0521].

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2014-0522, CVE-2014-0523, CVE-2014-0524, CVE-2014-0526].

A remote user can exploit a memory flaw in the handling of certain API calls to execute arbitrary code [CVE-2014-0525].

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a use-after-free memory error and execute arbitrary code on the target system [CVE-2014-0527].

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a double-free memory error and execute arbitrary code on the target system [CVE-2014-0528].

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2014-0529].


Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (10.1.10, 11.0.07).

The vendor's advisory is available at:

http://helpx.adobe.com/security/products/reader/apsb14-15.html

Vendor URL:  helpx.adobe.com/security/products/reader/apsb14-15.html
Cause:   Access control error, Boundary error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   None.