Skip to main content

Acrobat Reader CVE-2014-9161

CRITICAL
Buffer Overflow (CWE-119)
2015-01-30 psirt@adobe.com
9.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Jan 30, 2015 - 11:59 cve.org
CRITICAL 9.3

DescriptionCVE.org

CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.

AnalysisAI

CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. Affected products include: Adobe Acrobat Reader, Adobe Acrobat. Version information: before 10.1.13.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2013-2730 CRITICAL POC
10.0 May 16

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attacke

CVE-2015-3073 CRITICAL POC
10.0 May 13

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass inten

CVE-2014-9160 CRITICAL
10.0 May 13

Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows

CVE-2013-3356 CRITICAL
10.0 Sep 12

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke

CVE-2013-3353 CRITICAL
10.0 Sep 12

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke

CVE-2013-3351 CRITICAL
10.0 Sep 12

Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and M

CVE-2015-7622 CRITICAL POC
10.0 Oct 14

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.

CVE-2013-3358 CRITICAL
10.0 Sep 12

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack

CVE-2013-3357 CRITICAL
10.0 Sep 12

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack

CVE-2014-0561 CRITICAL
10.0 Sep 17

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X a

CVE-2012-0774 CRITICAL
10.0 Apr 10

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitra

CVE-2012-1525 CRITICAL
10.0 Aug 15

Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X a

Share

CVE-2014-9161 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy