#VU41811 Permissions, Privileges, and Access Controls in Adobe Reader - CVE-2014-0514
Published: April 16, 2014 / Updated: August 11, 2020
Vulnerability identifier: #VU41811
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2014-0514
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Adobe Reader
Adobe Reader
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
Remediation
Install update from vendor's website.
External links
- http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html
- http://packetstormsecurity.com/files/127113/Adobe-Reader-for-Android-addJavascriptInterface-Exploit.html
- http://seclists.org/fulldisclosure/2014/Apr/192
- http://www.exploit-db.com/exploits/32884
- http://www.exploit-db.com/exploits/33791
- http://www.osvdb.org/105781
- http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html
- http://www.securityfocus.com/archive/1/531831/100/0/threaded
- http://www.securityfocus.com/bid/66798