CVE-2014-9150Race Condition in Adobe Acrobat

CWE-362Race Condition2 documents2 sources
Severity
6.4MEDIUMNVD
EPSS
1.7%
top 17.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedNov 30
Latest updateMay 17

Description

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

NVDadobe/acrobat_reader11.0.8+8
NVDadobe/acrobat11.0.8+8

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-x8vq-jv88-c5cc: Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 112022-05-17
CVE-2014-9150 — Race Condition in Adobe Acrobat | cvebase