Published: 15/01/2014 Updated: 13/12/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Reader and Acrobat 10.x prior to 10.1.9 and 11.x prior to 11.0.06 on Windows and Mac OS X allow malicious users to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493.

Vulnerability Trend

Affected Products

Vendor Product Versions
AdobeAcrobat10.0, 10.0.1, 10.0.2, 10.0.3, 10.1, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.1.6, 10.1.7, 10.1.8, 11.0, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5

Recent Articles

Adobe’s First Patch Tuesday of 2014
Securelist • Roel Schouwenberg • 14 Jan 2014

This month’s Adobe Patch Tuesday release sees fixes for Flash Player, Acrobat and Reader. All vulnerabilities get the highest priority rating. This means future exploits are likely.

The Flash Player bulletin was only announced today. CVE-2014-0491 and CVE-2014-0492 both concern remote code execution vulnerabilities.
CVE-2014-0493, CVE-2014-0495 and CVE-2014-0496 affect Acrobat and Reader. These CVEs also concern remote code execution vulnerabilities. All of this month’s...

Adobe Updates Security for Flash, Reader, Acrobat
Threatpost • Brian Donohue • 14 Jan 2014

Adobe has issued security bulletins addressing five critical vulnerabilities in its Flash, Reader and Acrobat Players that could give attackers the ability to cause crashes and wrest control of affected machines.
Adobe claims it is not aware of any in-the-wild exploits targeting these bugs.
CVE-2014-0491 and CVE-2014-0492, reported by Masato Kinugawa and the Zero Day Initiative respectively, resolve problems in Adobe Flash and AIR. Users will need to update Flash Player 11.9.900.170 ...