Sep 09, 2014 - 12:00 a.m.

KLA10440 Multiple vulnerabilities in Adobe Acrobat & Reader

2014-09-09 00:00:00
Kaspersky Lab
threats.kaspersky.com
100

CVSS2: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AI Score: 8.8 (Confidence: High)

EPSS: 0.891 (Percentile: 98.8%)

Multiple critical vulnerabilities have been found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code and read arbitrary files.

Below is a complete list of vulnerabilities:

  1. A use-after-free vulnerability can be exploited via unspecified vectors;
  2. Unknown vectors can be exploited via an XML external entity declaration;
  3. Race conditions can be exploited via an NTFS junction;
  4. Unknown vectors can be exploited via the JavaScript API;
  5. An integer overflow can be exploited via unspecified vectors;
  6. Unknown vectors can be exploited remotely;
  7. A heap-based buffer overflow can be exploited via unknown vectors.

Original advisories

APSB

Related products

Adobe-Reader

Adobe-Acrobat

Adobe-Reader-X

Adobe-Acrobat-X

Adobe-Reader-XI

Adobe-Acrobat-XI

CVE list

CVE-2014-8445 critical

CVE-2014-9165 critical

CVE-2014-8452 critical

CVE-2014-8453 critical

CVE-2014-9150 high

CVE-2014-8446 critical

CVE-2014-8447 critical

CVE-2014-8448 critical

CVE-2014-8456 critical

CVE-2014-8454 critical

CVE-2014-8455 critical

CVE-2014-8451 critical

CVE-2014-8449 critical

CVE-2014-8457 critical

CVE-2014-8458 critical

CVE-2014-8460 critical

CVE-2014-8459 critical

CVE-2014-8461 critical

CVE-2014-9158 critical

CVE-2014-9159 critical

Solution

Update to latest version

Get reader

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • RLF

Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading files that are otherwise inaccessible. Which files can be read depends on the concrete program errors.

Affected Products

  • Adobe Reader XI 11.0.09 and earlier
  • Adobe Reader X 10.1.12 and earlier
  • Adobe Acrobat XI 11.0.09 and earlier
  • Adobe Acrobat X 10.1.12 and earlier
