SB2014041605 - Permissions, Privileges, and Access Controls in Adobe Reader
Published: April 16, 2014 Updated: August 10, 2020
Security Bulletin ID
SB2014041605
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-0514)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
Remediation
Install update from vendor's website.
References
- http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html
- http://packetstormsecurity.com/files/127113/Adobe-Reader-for-Android-addJavascriptInterface-Exploit.html
- http://seclists.org/fulldisclosure/2014/Apr/192
- http://www.exploit-db.com/exploits/32884
- http://www.exploit-db.com/exploits/33791
- http://www.osvdb.org/105781
- http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html
- http://www.securityfocus.com/archive/1/531831/100/0/threaded
- http://www.securityfocus.com/bid/66798