Vulnerabilities in Adobe Reader and Acrobat

21st July 2014

Date of First Release: 19-05-2014

Date of Last Release: 19-05-2014

Source: Adobe, Common Vulnerabilities and Exposures (CVE)

Systems Affected:

1. Adobe Reader XI (11.0.06) and earlier 11.x versions for Windows and Macintosh

2. Adobe Reader X (10.1.9) and earlier 10.x versions for Windows and Macintosh

3. Adobe Acrobat XI (11.0.06) and earlier 11.x versions for Windows and Macintosh

4. Adobe Acrobat X (10.1.9) and earlier 10.x versions for Windows and Macintosh

Overview: Multiple vulnerabilities have been reported in Adobe Reader and Acrobat that could cause a crash and potentially allow an attacker to take control of the affected system.

Description:

1. Heap-based buffer overflow vulnerability [CVE-2014-0511]

This vulnerability in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors.

2. Security bypass vulnerability [CVE-2014-0512]

This vulnerability in Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors.

3. Information disclosure vulnerability [CVE-2014-0521]

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document.

4. Memory corruption vulnerabilities [CVE-2014-0522], [CVE-2014-0523], [CVE-2014-0524], [CVE-2014-0526]

These vulnerabilities in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

5. API calls vulnerability [CVE-2014-0525]

An API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via unspecified API calls.

6. Use-after-free vulnerability [CVE-2014-0527], double free vulnerability [CVE-2014-0528], buffer overflow vulnerability [CVE-2014-0529]

These vulnerabilities in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code via unspecified vectors.

Impact: These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Solution: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh. Adobe recommends that users update their products as follows:

  • Users of Adobe Reader XI (11.0.06) for Windows and Macintosh should update to Adobe Reader XI (11.0.07).
  • For users of Adobe Reader X (10.1.9) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.07), Adobe has made available the update Adobe Reader X (10.1.10).
  • Users of Adobe Acrobat XI (11.0.06) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.07).
  • For users of Adobe Acrobat X (10.1.9) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.07), Adobe has made available the update Adobe Acrobat X (10.1.10).
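To apply the version ranges above to a software inventory, the following added example (not code from Adobe or from this advisory) classifies installed Reader and Acrobat versions as affected or patched. The function names and the inventory rows are assumptions constructed for illustration; versions are compared numerically because a plain string comparison ranks 10.1.9 above 10.1.10.

```python
import re

# Fixed releases named in this advisory, keyed by major branch.
FIXED = {10: "10.1.10", 11: "11.0.07"}
PRODUCT_PREFIXES = ("adobe reader", "adobe acrobat")


def parse_version(text):
    """Turn '11.0.06' into (11, 0, 6); leading zeros are not significant."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))      # pad '11.0' to three components
    return tuple(parts[:3])              # ignore any fourth build component


def assess(product, version):
    """Return (status, fixed_version) for one installed product."""
    if not product.strip().lower().startswith(PRODUCT_PREFIXES):
        return ("not-covered", None)
    ver = parse_version(version)
    fixed = FIXED.get(ver[0])
    if fixed is None:                    # advisory lists only 10.x and 11.x
        return ("not-covered", None)
    if ver >= parse_version(fixed):
        return ("patched", None)
    return ("affected", fixed)           # same-branch update from the advisory


# Constructed sample inventory rows: (host, product, version).
INVENTORY = [
    ("ws-01", "Adobe Reader XI", "11.0.06"),
    ("ws-02", "Adobe Reader XI", "11.0.07"),
    ("ws-03", "Adobe Acrobat X", "10.1.9"),
    ("ws-04", "Adobe Acrobat X", "10.1.10"),
    ("mac-01", "Adobe Reader X", "10.0.1"),
]


def report(rows):
    """Assess every inventory row and keep the host name with the result."""
    return [(host, *assess(product, ver)) for host, product, ver in rows]


if __name__ == "__main__":
    for row in report(INVENTORY):
        print(row)
```

Hosts on the 10.x branch are reported with 10.1.10 as the fix; as the list above states, 11.0.07 is the preferred target where an upgrade to XI is possible.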

References:

Adobe: http://helpx.adobe.com/security/products/acrobat/apsb14-15.html#table
