Vulnerability:
Memory corruption vulnerability that could lead to code execution.
Vulnerability Description
A vulnerability, which was classified as critical, was found in Adobe Acrobat and Reader up to 11.0.09. This affects an unknown function. The manipulation with an unknown input leads to memory corruption. This is going to have an impact on confidentiality, integrity, and availability.It is possible to initiate the attack remotely. No form of authentication is needed for exploitation.
CVE ID
CVE-2014-8446
Vendor
Product
Adobe Reader 11.0.09
Adobe Reader 10.1.3
Adobe Reader 10.1.2
Adobe Reader 10.1.1
Adobe Reader 10.1
Adobe Reader 10.0.3
Adobe Reader 10.0.2
Adobe Reader 10.0.1
Adobe Reader 10.0
Adobe Acrobat 10.1.3
Adobe Acrobat 10.1.2
Adobe Acrobat 10.1.1
Adobe Acrobat 10.1
Adobe Acrobat 10.0.3
Adobe Acrobat 10.0.2
Adobe Acrobat 10.0.1
Adobe Acrobat 10.0
Disclosure Timeline
- 15 May 2014 – Reported to Vendor
- 16 May 2014 – Response received from Vendor
- 22 Oct 2014– CVE assigned
- 09 Dec 2014 – Advisory & Patch released
Credits
- Ashfaq Ansari
Technical details
https://helpx.adobe.com/in/security/products/reader/apsb14-28.html