CVE-2014-0496
published 2014-01-15
CVE-2014-0496: Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute…
Priority: P179 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2022-03-24
ITW: Exploited in the wild
EPSS: 40.24% (98.5th percentile)
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | >= 10.0 < 10.1.9 | 10.1.9 |
| adobe | acrobat | >= 11.0 < 11.0.6 | 11.0.6 |
Detection & IOCs
- Vulnerability is described with 'unspecified vectors': no technical exploitation details, payloads, network indicators, or attack-specific artifacts are disclosed in the available sources.
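CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |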
GHSA
GHSA-h9rj-88q7-9jg3: Use-after-free vulnerability in Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-14
CVE-2014-0496 [HIGH] CWE-416 GHSA-h9rj-88q7-9jg3: Use-after-free vulnerability in Adobe Reader and Acrobat 10
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
VulnCheck
Adobe Reader and Acrobat Use-After-Free Vulnerability
vulncheck·2014·CVSS 8.8
CVE-2014-0496 [HIGH] CWE-399 Adobe Reader and Acrobat Use-After-Free Vulnerability
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
Affected: Adobe Acrobat and Reader
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-03-24
CISA
Adobe Reader and Acrobat Use-After-Free Vulnerability
cisa·2022-03-03·CVSS 8.8
CVE-2014-0496 [HIGH] CWE-399 Adobe Reader and Acrobat Use-After-Free Vulnerability
Vulnerability: Adobe Reader and Acrobat Use-After-Free Vulnerability
Affected: Adobe Reader and Acrobat
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2014-0496
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
arXiv
Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware
arxiv_fulltext·2017-07-17
Davide Maiorca, Member, IEEE,
Battista Biggio, Senior Member, IEEE,
Preprint of the work accepted for publication in the IEEE Security & Privacy magazine, Special Issue on Digital Forensics, Nov. - Dec. 2017, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7854112
The authors are with the Department of Electrical and Electronic Engineering, University of Cagliari, Piazza d'Armi, 09123 Cagliari, Italy.
## Abstract
Over the last decade, malicious software (or malware, for short) has shown an increasing sophistication and proliferation, fueled by a flourishing underground economy, in response to the increasing complex
Bugzilla
CVE-2014-0516 flash-plugin: same origin policy bypass (APSB14-14)
bugzilla·2014-05-13·CVSS 7.5
CVE-2014-0516 [HIGH] CVE-2014-0516 flash-plugin: same origin policy bypass (APSB14-14)
Adobe has released Flash Player 11.2.202.359 for Linux to correct the following flaw:
* These updates resolve a vulnerability that could be used to bypass the same origin policy (CVE-2014-0516).
External References:
http://helpx.adobe.com/security/products/flash-player/apsb14-14.html
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0496 https://rhn.redhat.com/errata/RHSA-2014-0496.html
Bugzilla
CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14)
bugzilla·2014-05-13·CVSS 7.5
CVE-2014-0517 [HIGH] CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14)
Adobe has released Flash Player 11.2.202.359 for Linux to correct the following flaw:
* These updates resolve security bypass vulnerabilities (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520).
External References:
http://helpx.adobe.com/security/products/flash-player/apsb14-14.html
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0496 https://rhn.redhat.com/errata/RHSA-2014-0496.html
- http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
- http://www.securitytracker.com/id/1029604
- https://github.com/cisagov/vulnrichment/issues/199
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0496
2014-01-15: Published
2022-03-03: Added to CISA KEV
Exploited in the wild