SB2014041605 - Permissions, Privileges, and Access Controls in Adobe Reader



SB2014041605 - Permissions, Privileges, and Access Controls in Adobe Reader

Published: April 16, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014041605
CSH Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-0514)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber


The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.


Remediation

Install update from vendor's website.