Vulnerability CVE-2014-0514


Published: 2014-04-15   Modified: 2014-04-16

Description:
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Reader for Android addJavascriptInterface Exploit
joev
17.06.2014

Vendor: Adobe
Product: Adobe reader 
Version: 11.1.3; 11.1.0;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html
http://packetstormsecurity.com/files/127113/Adobe-Reader-for-Android-addJavascriptInterface-Exploit.html
http://seclists.org/fulldisclosure/2014/Apr/192
http://www.exploit-db.com/exploits/32884
http://www.exploit-db.com/exploits/33791
http://www.osvdb.org/105781
http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html
http://www.securityfocus.com/archive/1/archive/1/531831/100/0/threaded
http://www.securityfocus.com/bid/66798

Related CVE
CVE-2018-4916
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intende...
CVE-2018-4915
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intende...
CVE-2018-4914
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end o...
CVE-2018-4913
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, rela...
CVE-2018-4912
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end o...
CVE-2018-4911
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API r...
CVE-2018-4910
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine...
CVE-2018-4909
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end o...

Copyright 2018, cxsecurity.com

 

Back to Top