⚠ Actively exploited

Added to CISA KEV on 2022-05-25. Federal agencies required to patch by 2022-06-15. Required action: Apply updates per vendor instructions..

CVE-2014-0546 — Adobe Acrobat vulnerability

4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

26.2%

top 3.69%

CISA KEV

KEV

Added 2022-05-25

Due 2022-06-15

Exploit

Exploited in wild

Active exploitation observed

Affected products

Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedAug 12

KEV addedMay 25

KEV dueJun 15

CISA Required Action: Apply updates per vendor instructions.

Description

Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDadobe/acrobat_reader10.0 — 10.1.11+1

▶NVDadobe/acrobat10.0 — 10.1.11+1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-m362-frg6-j2v7: Adobe Reader and Acrobat 10↗2022-05-17

▶

VulnCheck

Adobe Reader and Acrobat Sandbox Bypass Vulnerability↗2014

▶

📋Vendor Advisories

CISA

Adobe Reader and Acrobat Sandbox Bypass Vulnerability↗2022-05-25

▶