Vulnerabilities > CVE-2014-0546 - Security Bypass vulnerability in Adobe Acrobat and Reader

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

adobe

microsoft

critical

nessus

NVD

Published: 2014-08-12

Updated: 2017-01-07

Summary

Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Acrobat Reader 10.0 Adobe Acrobat Reader 10.0.1 Adobe Acrobat Reader 10.0.2 Adobe Acrobat Reader 10.0.3 Adobe Acrobat Reader 10.1 Adobe Acrobat Reader 10.1.1 Adobe Acrobat Reader 10.1.2 Adobe Acrobat Reader 10.1.3 Adobe Acrobat Reader 10.1.4 Adobe Acrobat Reader 10.1.5 Adobe Acrobat Reader 10.1.6 Adobe Acrobat Reader 10.1.7 Adobe Acrobat Reader 10.1.8 Adobe Acrobat Reader 10.1.9 Adobe Acrobat Reader 10.1.10 Adobe Acrobat Reader 11.0 Adobe Acrobat Reader 11.0.1 Adobe Acrobat Reader 11.0.2 Adobe Acrobat Reader 11.0.3 Adobe Acrobat Reader 11.0.4 Adobe Acrobat Reader 11.0.5 Adobe Acrobat Reader 11.0.6 Adobe Acrobat Reader 11.0.7 Adobe Acrobat 10.0 Adobe Acrobat 10.0.1 Adobe Acrobat 10.0.2 Adobe Acrobat 10.0.3 Adobe Acrobat 10.1 Adobe Acrobat 10.1.1 Adobe Acrobat 10.1.2 Adobe Acrobat 10.1.3 Adobe Acrobat 10.1.4 Adobe Acrobat 10.1.5 Adobe Acrobat 10.1.6 Adobe Acrobat 10.1.7 Adobe Acrobat 10.1.8 Adobe Acrobat 10.1.9 Adobe Acrobat 10.1.10 Adobe Acrobat 11.0 Adobe Acrobat 11.0.1 Adobe Acrobat 11.0.2 Adobe Acrobat 11.0.3 Adobe Acrobat 11.0.4 Adobe Acrobat 11.0.5 Adobe Acrobat 11.0.6 Adobe Acrobat 11.0.7	46
OS	Microsoft Microsoft Windows *	1

Nessus

NASL family	Windows
NASL id	ADOBE_ACROBAT_APSB14-19.NASL
description	The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.11 / 11.0.08. It is, therefore, affected by a sandbox bypass flaw which can allow an attacker to run arbitrary code with escalated privileges on Windows hosts. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	77176
published	2014-08-12
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/77176
title	Adobe Acrobat < 10.1.11 / 11.0.08 Sandbox Bypass (APSB14-19)

NASL family	Windows
NASL id	ADOBE_READER_APSB14-19.NASL
description	The version of Adobe Reader installed on the remote host is a version prior to 10.1.11 / 11.0.08. It is, therefore, affected by a sandbox bypass flaw which can allow an attacker to run arbitrary code with escalated privileges on Windows hosts. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	77175
published	2014-08-12
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/77175
title	Adobe Reader < 10.1.11 / 11.0.08 Sandbox Bypass (APSB14-19)

The Hacker News

id	THN:E74C80E5EA61ADB4F070B3294F799B5B
last seen	2018-01-27
modified	2014-08-13
published	2014-08-12
reporter	Mohit Kumar
source	https://thehackernews.com/2014/08/adobe-security-update.html
title	Adobe Releases Critical Security Updates for Flash Player, Acrobat and Adobe Reader

Summary

Vulnerable Configurations

Nessus

The Hacker News

References