CVE-2014-0496

CVSS 8.8 HIGHEPSS 40.2%● KEVCWE-416

In short

Adobe Reader and Acrobat versions 10 and 11 contain a use-after-free flaw that allows attackers to run malicious code on your computer. This happens because the software tries to use memory that has already been freed, which attackers can exploit through specially crafted files.

Technical detail

Use-after-free vulnerability in Adobe Reader/Acrobat 10.x (before 10.1.9) and 11.x (before 11.0.06) on Windows and macOS allows remote code execution via unspecified attack vectors. The vulnerability stems from improper memory management where freed memory is subsequently accessed, enabling arbitrary code execution with user interaction (opening a malicious PDF or similar file).

Summary generated and translated by AI from the official description.

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://helpx.adobe.com/security/products/acrobat/apsb14-01.html https://github.com/cisagov/vulnrichment/issues/199 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0496 http://www.securitytracker.com/id/1029604