CVE-2014-8446 – Adobe Acrobat/Reader – Memory Corruption


Vulnerability:

Memory corruption vulnerability that could lead to code execution.

Vulnerability Description

A vulnerability, which was classified as critical, was found in Adobe Acrobat and Reader up to 11.0.09. This affects an unknown function. The manipulation with an unknown input leads to memory corruption. This is going to have an impact on confidentiality, integrity, and availability.It is possible to initiate the attack remotely. No form of authentication is needed for exploitation.

CVE ID

CVE-2014-8446

Vendor

www.adobe.com

Product

Adobe Reader 11.0.09
Adobe Reader 10.1.3
Adobe Reader 10.1.2
Adobe Reader 10.1.1
Adobe Reader 10.1
Adobe Reader 10.0.3
Adobe Reader 10.0.2
Adobe Reader 10.0.1
Adobe Reader 10.0
Adobe Acrobat 10.1.3
Adobe Acrobat 10.1.2
Adobe Acrobat 10.1.1
Adobe Acrobat 10.1
Adobe Acrobat 10.0.3
Adobe Acrobat 10.0.2
Adobe Acrobat 10.0.1
Adobe Acrobat 10.0

Disclosure Timeline

  1. 15 May 2014 – Reported to Vendor
  2. 16 May 2014 – Response received from Vendor
  3. 22 Oct 2014– CVE assigned
  4. 09 Dec 2014 – Advisory & Patch released

Credits

  1. Ashfaq Ansari

Technical details

https://helpx.adobe.com/in/security/products/reader/apsb14-28.html

 

Leave a Reply

Your email address will not be published. Required fields are marked *

4 + 16 =