Acrobat Reader
CVE-2014-9150
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.
AnalysisAI
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-362. Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. Affected products include: Adobe Acrobat Reader, Adobe Acrobat. Version information: before 11.0.09.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Acrobat Reader
View allBuffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attacke
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass inten
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke
Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and M
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X a
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitra
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X a
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today