Adobe Reader and Acrobat 10.x prior to 10.1.11 and 11.x prior to 11.0.08 on Windows allow malicious users to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe acrobat reader 10.0 |
||
adobe acrobat reader 10.0.1 |
||
adobe acrobat reader 10.0.2 |
||
adobe acrobat reader 10.0.3 |
||
adobe acrobat reader 10.1 |
||
adobe acrobat reader 10.1.1 |
||
adobe acrobat reader 10.1.2 |
||
adobe acrobat reader 10.1.3 |
||
adobe acrobat reader 10.1.4 |
||
adobe acrobat reader 10.1.5 |
||
adobe acrobat reader 10.1.6 |
||
adobe acrobat reader 10.1.7 |
||
adobe acrobat reader 10.1.8 |
||
adobe acrobat reader 10.1.9 |
||
adobe acrobat reader 10.1.10 |
||
adobe acrobat reader 11.0 |
||
adobe acrobat reader 11.0.1 |
||
adobe acrobat reader 11.0.2 |
||
adobe acrobat reader 11.0.3 |
||
adobe acrobat reader 11.0.4 |
||
adobe acrobat reader 11.0.5 |
||
adobe acrobat reader 11.0.6 |
||
adobe acrobat reader 11.0.7 |
||
adobe acrobat 10.0 |
||
adobe acrobat 10.0.1 |
||
adobe acrobat 10.0.2 |
||
adobe acrobat 10.0.3 |
||
adobe acrobat 10.1 |
||
adobe acrobat 10.1.1 |
||
adobe acrobat 10.1.2 |
||
adobe acrobat 10.1.3 |
||
adobe acrobat 10.1.4 |
||
adobe acrobat 10.1.5 |
||
adobe acrobat 10.1.6 |
||
adobe acrobat 10.1.7 |
||
adobe acrobat 10.1.8 |
||
adobe acrobat 10.1.9 |
||
adobe acrobat 10.1.10 |
||
adobe acrobat 11.0 |
||
adobe acrobat 11.0.1 |
||
adobe acrobat 11.0.2 |
||
adobe acrobat 11.0.3 |
||
adobe acrobat 11.0.4 |
||
adobe acrobat 11.0.5 |
||
adobe acrobat 11.0.6 |
||
adobe acrobat 11.0.7 |
Perhaps one of the most explosively discussed subjects of 2015 was the compromise and data dump of Hacking Team, the infamous Italian spyware company. For those who are not familiar with the subject, Hacking Team was founded in 2003 and specialized in selling spyware and surveillance tools to governments and law enforcement agencies. On July 5, 2015, a large amount of data from the company was leaked to the Internet with a hacker known as “Phineas Fisher” claiming responsibility for the brea...
PDF version EPUB version Download Full Report PDF Download Full Report EPUB Over the past years, Kaspersky’s Global Research and Analysis Team (GReAT) has shed light on some of the biggest APT campaigns, including RedOctober, Flame, NetTraveler, Miniduke, Epic Turla, Careto/Mask and others. While studying these campaigns we have also identified a number of 0-day exploits, including the most recent CVE-2014-0546. We were also among the first to report on emerging trends in the APT world, ...
Today Adobe released the security bulletin APSB14-19, crediting Kaspersky Lab for reporting CVE-2014-0546. This out of band patch fixes a rather creative sandbox escape technique that we observed in a very limited number of targeted attacks. At the moment, we are not providing any details on these attacks as the investigation is still ongoing. Although these attacks are very rare, just to stay on the safe side we recommend everyone to get the update from the Adobe site as soon as possible. You c...