6.4

CVE-2014-9150

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.

Data is provided by the National Vulnerability Database (NVD)
AdobeAcrobat Reader Version <= 11.0.8
   MicrosoftWindows
AdobeAcrobat Reader Version11.0
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.1
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.2
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.3
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.4
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.5 Update- SwPlatformwindows
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.6
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.7
   MicrosoftWindows
AdobeAcrobat Version <= 11.0.8
   MicrosoftWindows
AdobeAcrobat Version11.0
   MicrosoftWindows
AdobeAcrobat Version11.0.1
   MicrosoftWindows
AdobeAcrobat Version11.0.2
   MicrosoftWindows
AdobeAcrobat Version11.0.3
   MicrosoftWindows
AdobeAcrobat Version11.0.4
   MicrosoftWindows
AdobeAcrobat Version11.0.5 Update- SwPlatformwindows
   MicrosoftWindows
AdobeAcrobat Version11.0.6
   MicrosoftWindows
AdobeAcrobat Version11.0.7
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.66% 0.815
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.